
Windows Analysis Report
nmy4mJXEaz.exe

Overview

General Information

Sample name: nmy4mJXEaz.exe (renamed because the original name is a hash value)
Original sample name: e9f4f5b56fea82ed8a63d8d31a25f17d.exe
Analysis ID: 1575336
MD5: e9f4f5b56fea82ed8a63d8d31a25f17d
SHA1: f2bef840a55118cd7a4f8ccf6182efa58db58fe8
SHA256: b1b159e551802a83f91b224af4f670f3ee6e8ebe28f115d19620dfa51dc75e26
Tags: exe, user-abuse_ch

Detection

Credential Flusher
Score: 80 (range 0 - 100)
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Yara detected Credential Flusher
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Connects to many different domains
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
OS version to string mapping found (often used in BOTs)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes

Classification

  • System is w10x64
  • nmy4mJXEaz.exe (PID: 7552 cmdline: "C:\Users\user\Desktop\nmy4mJXEaz.exe" MD5: E9F4F5B56FEA82ED8A63D8D31A25F17D)
    • taskkill.exe (PID: 7608 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 7616 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 7744 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 7752 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 7808 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 7816 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 7864 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 7872 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 7928 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 7936 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • firefox.exe (PID: 7992 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • firefox.exe (PID: 8024 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 8040 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 4236 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2276 -parentBuildID 20230927232528 -prefsHandle 2212 -prefMapHandle 2196 -prefsLen 25302 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a88f283e-260f-41c2-8125-1c83f1c927d6} 8040 "\\.\pipe\gecko-crash-server-pipe.8040" 1775f570310 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 7616 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4032 -parentBuildID 20230927232528 -prefsHandle 3304 -prefMapHandle 2148 -prefsLen 26317 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3434a4e1-a5d0-4ddf-b0a9-4b5eaa32d90a} 8040 "\\.\pipe\gecko-crash-server-pipe.8040" 1775f543e10 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 2092 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5204 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5196 -prefMapHandle 5192 -prefsLen 33185 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {89d3bde1-2b74-4e03-89ad-74b30b45474d} 8040 "\\.\pipe\gecko-crash-server-pipe.8040" 17770a46110 utility MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
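The process tree above is the whole "credential flusher" technique in one picture: the sample force-terminates every common browser with `taskkill /F /IM <browser> /T`, then relaunches Firefox in `--kiosk` mode on a URL that embeds a Google password-challenge page, so the victim has nothing on screen except a sign-in prompt (the signature list also reports key-state polling). Note the caveat the tree itself shows: the de-elevated copy (PID 8024, `--attempting-deelevation`) appears without the sample as its parent, so a detector that correlates strictly by parent PID would miss it. The HTTP requests and TLS connections listed further down come from the launched Firefox (captive-portal checks to detectportal.firefox.com, Firefox User-Agent), not from the sample's own network code. The detector below is an added example, not part of the Joe Sandbox report; the event schema (ts, pid, ppid, image, cmdline), the sample events and the sign-in URL markers are constructed for illustration, modelled on the tree above.

```python
"""Detect the credential-flusher sequence: browsers force-killed with taskkill,
then a browser relaunched in --kiosk mode on a sign-in page. Added example;
the event schema, sample events and sign-in markers are constructed."""
import json
import re

# Browser images the sample terminates (from the taskkill command lines above).
BROWSERS = {"firefox.exe", "chrome.exe", "msedge.exe", "opera.exe", "brave.exe"}
# Assumed substrings that mark a credential page; extend for your own estate.
SIGNIN_MARKERS = ("signin", "login", "challenge/pwd", "accounts.google.com")

TASKKILL_RE = re.compile(r"taskkill(?:\.exe)?\b.*?/IM\s+(\S+)", re.IGNORECASE)
KIOSK_RE = re.compile(r'--kiosk\s+"?([^\s"]+)', re.IGNORECASE)


def image_name(path):
    """Lower-cased basename of a Windows image path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_taskkill(cmdline):
    """Image name a taskkill command targets via /IM, or None."""
    m = TASKKILL_RE.search(cmdline)
    return m.group(1).lower() if m else None


def kiosk_signin_url(cmdline):
    """URL if cmdline starts a browser in --kiosk mode on a sign-in page, else None."""
    m = KIOSK_RE.search(cmdline)
    if not m:
        return None
    url = m.group(1)
    return url if any(k in url.lower() for k in SIGNIN_MARKERS) else None


def detect_credential_flusher(events, window=60.0):
    """Correlate browser kills with a later kiosk sign-in relaunch.

    events: dicts with ts (seconds), pid, ppid, image, cmdline.
    Confidence is 'high' when the kiosk browser shares the killer's parent and
    'medium' when it only falls inside the time window, which covers the
    de-elevated relaunch (--attempting-deelevation) that the tree shows
    without the sample as its parent.
    """
    events = sorted(events, key=lambda e: e["ts"])
    kills = [(e["ts"], e["ppid"], parse_taskkill(e["cmdline"]))
             for e in events if image_name(e["image"]) == "taskkill.exe"]
    kills = [k for k in kills if k[2] in BROWSERS]  # (ts, killer's ppid, browser)
    alerts = []
    for e in events:
        if image_name(e["image"]) not in BROWSERS:
            continue
        url = kiosk_signin_url(e["cmdline"])
        if url is None:
            continue
        related = [k for k in kills if 0 <= e["ts"] - k[0] <= window]
        if not related:
            continue
        alerts.append({
            "pid": e["pid"], "ppid": e["ppid"], "url": url,
            "killed": sorted({k[2] for k in related}),
            "confidence": "high" if any(k[1] == e["ppid"] for k in related) else "medium",
        })
    return alerts


# Constructed events mirroring the sandbox tree, plus a de-elevated relaunch
# and two benign cases that must not alert.
_FF = r"C:\Program Files\Mozilla Firefox\firefox.exe"
_URL = "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd"
SAMPLE_EVENTS = [
    {"ts": 100.0, "pid": 7552, "ppid": 4000, "image": r"C:\Users\user\Desktop\nmy4mJXEaz.exe",
     "cmdline": r'"C:\Users\user\Desktop\nmy4mJXEaz.exe"'},
    {"ts": 101.0, "pid": 7608, "ppid": 7552, "image": r"C:\Windows\System32\taskkill.exe",
     "cmdline": "taskkill /F /IM firefox.exe /T"},
    {"ts": 101.5, "pid": 7744, "ppid": 7552, "image": r"C:\Windows\System32\taskkill.exe",
     "cmdline": "taskkill /F /IM chrome.exe /T"},
    {"ts": 102.0, "pid": 7808, "ppid": 7552, "image": r"C:\Windows\System32\taskkill.exe",
     "cmdline": "taskkill /F /IM msedge.exe /T"},
    {"ts": 103.0, "pid": 7992, "ppid": 7552, "image": _FF,
     "cmdline": f'"{_FF}" --kiosk "{_URL}" --no-default-browser-check --disable-popup-blocking'},
    # Re-launched copy after de-elevation: parent is not the sample (ppid assumed).
    {"ts": 104.0, "pid": 8024, "ppid": 8016, "image": _FF,
     "cmdline": f'"{_FF}" --kiosk {_URL} --no-default-browser-check --attempting-deelevation'},
    # Benign: user opens Firefox from the shell on an ordinary page.
    {"ts": 200.0, "pid": 9001, "ppid": 4000, "image": _FF,
     "cmdline": f'"{_FF}" https://example.org/'},
    # Benign: an admin kills a hung Chrome from a console; no kiosk relaunch follows.
    {"ts": 300.0, "pid": 9100, "ppid": 9050, "image": r"C:\Windows\System32\taskkill.exe",
     "cmdline": "taskkill /F /IM chrome.exe"},
]

if __name__ == "__main__":
    print(json.dumps(detect_credential_flusher(SAMPLE_EVENTS), indent=2))
```

Run against the constructed events it raises two alerts: the Firefox child of the sample (high confidence, three browsers killed by the same parent) and the de-elevated copy (medium, matched only by the time window). The window is deliberately short; a stealer that sleeps before relaunching the browser would need a longer one, at the cost of more benign taskkill-then-browser coincidences.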
No configs have been found
Yara rule matches (Source | Rule | Description | Author):
Process Memory Space: nmy4mJXEaz.exe PID: 7552 | JoeSecurity_CredentialFlusher | Yara detected Credential Flusher | Joe Security
    No Sigma rule has matched
    No Suricata rule has matched


    AV Detection

    Source: nmy4mJXEaz.exe | Avira: detected
    Source: nmy4mJXEaz.exe | Virustotal: Detection: 31%
    Source: nmy4mJXEaz.exe | ReversingLabs: Detection: 31%
    Source: Submitted Sample | Integrated Neural Analysis Model: Matched 97.9% probability
    Source: nmy4mJXEaz.exe | Joe Sandbox ML: detected
    Source: nmy4mJXEaz.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.7:49721 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.7:49729 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.7:49744 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49776 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49787 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49788 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49790 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49814 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.7:49813 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 151.101.193.91:443 -> 192.168.2.7:49817 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49821 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49822 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.7:49828 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.7:49826 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.7:49827 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49902 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49903 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49899 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49901 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49898 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49900 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49906 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49905 version: TLS 1.2
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV | source: gmpopenh264.dll.tmp.15.dr
    Source: Binary string: wshbth.pdbGCTL | source: firefox.exe, 0000000F.00000003.1483981627.000001776EDB2000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: NapiNSP.pdbUGP | source: firefox.exe, 0000000F.00000003.1481706511.000001776EDA1000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: wshbth.pdb | source: firefox.exe, 0000000F.00000003.1483981627.000001776EDB2000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: pnrpnsp.pdb | source: firefox.exe, 0000000F.00000003.1482280821.000001776EDA6000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: NapiNSP.pdb | source: firefox.exe, 0000000F.00000003.1481706511.000001776EDA1000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: netprofm.pdb | source: firefox.exe, 0000000F.00000003.1482859429.000001776EDB1000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb | source: gmpopenh264.dll.tmp.15.dr
    Source: Binary string: pnrpnsp.pdbUGP | source: firefox.exe, 0000000F.00000003.1482280821.000001776EDA6000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: netprofm.pdbUGP | source: firefox.exe, 0000000F.00000003.1482859429.000001776EDB1000.00000004.00000020.00020000.00000000.sdmp
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_0091DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_0091DBBE
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_008EC2A2 FindFirstFileExW,0_2_008EC2A2
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_009268EE FindFirstFileW,FindClose,0_2_009268EE
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_0092698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_0092698F
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_0091D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0091D076
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_0091D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0091D3A9
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_00929642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00929642
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_0092979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_0092979D
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_00929B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00929B2B
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_00925C97 FindFirstFileW,FindNextFileW,FindClose,0_2_00925C97
    Source: firefox.exe | Memory has grown: Private usage: 1MB later: 230MB
    Source: unknown | Network traffic detected: DNS query count 31
    Source: Joe Sandbox View | IP Address: 34.149.100.209 34.149.100.209
    Source: Joe Sandbox View | IP Address: 34.117.188.166 34.117.188.166
    Source: Joe Sandbox View | IP Address: 151.101.193.91 151.101.193.91
    Source: Joe Sandbox View | JA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
    Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 (50 occurrences)
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_0092CE44 InternetReadFile,SetEvent,GetLastError,SetEvent,0_2_0092CE44
    Source: global traffic | HTTP traffic detected: GET /canonical.html HTTP/1.1 | Host: detectportal.firefox.com | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 | Accept: */* | Accept-Language: en-US,en;q=0.5 | Accept-Encoding: gzip, deflate | Cache-Control: no-cache | Pragma: no-cache | Connection: keep-alive (17 occurrences)
    Source: global traffic | HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1 | Host: detectportal.firefox.com | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 | Accept: */* | Accept-Language: en-US,en;q=0.5 | Accept-Encoding: gzip, deflate | Connection: keep-alive | Pragma: no-cache | Cache-Control: no-cache (17 occurrences)
    Source: firefox.exe, 0000000F.00000003.1569845214.0000017770647000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: *://www.facebook.com/* equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000F.00000003.1535984156.000001777324D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1585620724.000001777B394000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1571403895.000001777B394000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8https://www.facebook.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000F.00000003.1535984156.000001777324D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1585620724.000001777B394000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1571403895.000001777B394000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8https://www.youtube.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000F.00000003.1399192513.00000177700A9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000F.00000003.1587938947.000001777782B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: `https://www.facebook.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000F.00000003.1587938947.000001777782B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: `https://www.youtube.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000F.00000003.1592501277.0000017771487000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1552031185.0000017771487000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://vk.com/,https://www.youtube.com/,https://ok.ru/,https://www.avito.ru/,https://www.aliexpress.com/,https://www.wikipedia.org/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000F.00000003.1535984156.000001777324D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1585620724.000001777B394000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1571403895.000001777B394000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000F.00000003.1535984156.000001777324D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1585620724.000001777B394000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1571403895.000001777B394000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000F.00000003.1592501277.0000017771487000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1552031185.0000017771487000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000F.00000003.1592501277.0000017771487000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1552031185.0000017771487000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000F.00000003.1592501277.0000017771487000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1552031185.0000017771487000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000F.00000003.1592501277.0000017771487000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1552031185.0000017771487000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.twitter.com (Twitter)
    Source: firefox.exe, 0000000F.00000003.1592501277.0000017771487000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1552031185.0000017771487000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000F.00000003.1592501277.0000017771487000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1552031185.0000017771487000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.de/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000F.00000003.1592501277.0000017771487000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1552031185.0000017771487000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.de/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000F.00000003.1592501277.0000017771487000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1552031185.0000017771487000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.amazon.co.uk/,https://www.bbc.co.uk/,https://www.ebay.co.uk/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000F.00000003.1592501277.0000017771487000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1552031185.0000017771487000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.amazon.co.uk/,https://www.bbc.co.uk/,https://www.ebay.co.uk/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000F.00000003.1592501277.0000017771487000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1552031185.0000017771487000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000F.00000003.1592501277.0000017771487000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1552031185.0000017771487000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.twitter.com (Twitter)
    Source: firefox.exe, 0000000F.00000003.1592501277.0000017771487000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1552031185.0000017771487000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000F.00000003.1592501277.0000017771487000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1552031185.0000017771487000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000F.00000003.1592501277.0000017771487000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1552031185.0000017771487000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.twitter.com (Twitter)
    Source: firefox.exe, 0000000F.00000003.1592501277.0000017771487000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1552031185.0000017771487000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000F.00000003.1592501277.0000017771487000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1552031185.0000017771487000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/L equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000F.00000003.1592501277.0000017771487000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1552031185.0000017771487000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/L equals www.twitter.com (Twitter)
    Source: firefox.exe, 0000000F.00000003.1592501277.0000017771487000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1552031185.0000017771487000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/L equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000F.00000003.1592501277.0000017771487000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1552031185.0000017771487000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2560370423.0000018FF6E0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000F.00000003.1592501277.0000017771487000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1552031185.0000017771487000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2560370423.0000018FF6E0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.twitter.com (Twitter)
    Source: firefox.exe, 0000000F.00000003.1592501277.0000017771487000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1552031185.0000017771487000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2560370423.0000018FF6E0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000F.00000003.1550105263.000001777802E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1593978126.0000017778046000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1399192513.00000177700A9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000F.00000003.1586191602.000001777B0AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1572093957.000001777B0AD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000F.00000003.1550105263.000001777802E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1593978126.0000017778046000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1572996335.000001777802E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.com- equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000F.00000003.1399192513.00000177700A9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: x*://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
    Source: global traffic | DNS traffic detected: DNS query: youtube.com
    Source: global traffic | DNS traffic detected: DNS query: detectportal.firefox.com
    Source: global traffic | DNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: contile.services.mozilla.com
    Source: global traffic | DNS traffic detected: DNS query: spocs.getpocket.com
    Source: global traffic | DNS traffic detected: DNS query: prod.ads.prod.webservices.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: example.org
    Source: global traffic | DNS traffic detected: DNS query: ipv4only.arpa
    Source: global traffic | DNS traffic detected: DNS query: content-signature-2.cdn.mozilla.net
    Source: global traffic | DNS traffic detected: DNS query: prod.content-signature-chains.prod.webservices.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: shavar.services.mozilla.com
    Source: global traffic | DNS traffic detected: DNS query: push.services.mozilla.com
    Source: global traffic | DNS traffic detected: DNS query: firefox.settings.services.mozilla.com
    Source: global traffic | DNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
    Source: global traffic | DNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: support.mozilla.org
    Source: global traffic | DNS traffic detected: DNS query: us-west1.prod.sumo.prod.webservices.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: www.youtube.com
    Source: global traffic | DNS traffic detected: DNS query: www.facebook.com
    Source: global traffic | DNS traffic detected: DNS query: www.wikipedia.org
    Source: global traffic | DNS traffic detected: DNS query: star-mini.c10r.facebook.com
    Source: global traffic | DNS traffic detected: DNS query: dyna.wikimedia.org
    Source: global traffic | DNS traffic detected: DNS query: youtube-ui.l.google.com
    Source: global traffic | DNS traffic detected: DNS query: www.reddit.com
    Source: global traffic | DNS traffic detected: DNS query: twitter.com
    Source: global traffic | DNS traffic detected: DNS query: reddit.map.fastly.net
    Source: global traffic | DNS traffic detected: DNS query: services.addons.mozilla.org
    Source: global traffic | DNS traffic detected: DNS query: normandy.cdn.mozilla.net
    Source: global traffic | DNS traffic detected: DNS query: normandy-cdn.services.mozilla.com
    Source: firefox.exe, 0000000F.00000003.1575723047.0000017771C3F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1543370169.0000017771C3F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: http://127.0.0.1:
    Source: gmpopenh264.dll.tmp.15.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
    Source: firefox.exe, 0000000F.00000003.1437892618.000001776ED53000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.15.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
    Source: firefox.exe, 0000000F.00000003.1433380411.000001776ED74000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1433021645.000001776ED70000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
    Source: firefox.exe, 0000000F.00000003.1473926595.000001776ED62000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1482513257.000001776ED55000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1484609119.000001776ED55000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1479008560.000001776ED62000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1483574892.000001776ED55000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
    Source: gmpopenh264.dll.tmp.15.dr | String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
    Source: gmpopenh264.dll.tmp.15.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
    Source: firefox.exe, 0000000F.00000003.1473926595.000001776ED62000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1482513257.000001776ED55000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1484609119.000001776ED55000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1479008560.000001776ED62000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1483574892.000001776ED55000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
    Source: gmpopenh264.dll.tmp.15.dr | String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
    Source: gmpopenh264.dll.tmp.15.dr | String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
    Source: firefox.exe, 0000000F.00000003.1437892618.000001776ED53000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
    Source: gmpopenh264.dll.tmp.15.dr | String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
    Source: firefox.exe, 0000000F.00000003.1535085456.0000017777645000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1592501277.0000017771455000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1552031185.0000017771455000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://detectportal.firefox.com
    Source: firefox.exe, 0000000F.00000003.1595519762.00000177731CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1588784739.0000017772ABE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: http://detectportal.firefox.com/canonical.html
    Source: firefox.exe, 0000000F.00000003.1571403895.000001777B376000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1573739707.00000177778C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1528453097.000001777B376000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv4
    Source: firefox.exe, 0000000F.00000003.1595519762.00000177731CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1571816874.000001777B362000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv6
    Source: firefox.exe, 0000000F.00000003.1538132013.000001777315D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1595701448.000001777315D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.addEventListener
    Source: firefox.exe, 0000000F.00000003.1538132013.000001777315D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1595701448.000001777315D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.removeEventListener
    Source: firefox.exe, 0000000F.00000003.1494335824.00000177729E3000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://mozilla.org
    Source: firefox.exe, 0000000F.00000003.1479751249.000001777C23A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1488813042.000001777C23A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1529839784.000001777C23A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1549047746.000001777C25E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://mozilla.org/
    Source: firefox.exe, 0000000F.00000003.1486505481.000001776FDDD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1509144844.000001776FEF8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1578333495.0000017770B67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1509144844.000001776FEEC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1417552901.0000017770748000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1486852716.000001776FDEE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1509144844.000001776FECA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1574848366.0000017772814000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1580067092.0000017770B8B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1491982189.00000177730ED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1537190604.00000177731CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1563369197.00000177730DF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1355968301.000001776FDF4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1481780355.000001777074F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1487938619.0000017770B8B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1581061564.0000017770B5B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1416784954.0000017770B61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1536739607.0000017773217000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1571816874.000001777B357000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1538375351.0000017772F3C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1558921425.000001776CB75000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://mozilla.org/MPL/2.0/.
    Source: firefox.exe, 0000000F.00000003.1473926595.000001776ED62000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1482513257.000001776ED55000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1484609119.000001776ED55000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1479008560.000001776ED62000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1483574892.000001776ED55000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0A
    Source: gmpopenh264.dll.tmp.15.dr | String found in binary or memory: http://ocsp.digicert.com0C
    Source: firefox.exe, 0000000F.00000003.1437892618.000001776ED53000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.15.dr | String found in binary or memory: http://ocsp.digicert.com0N
    Source: firefox.exe, 0000000F.00000003.1433380411.000001776ED74000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1433021645.000001776ED70000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0X
    Source: gmpopenh264.dll.tmp.15.dr | String found in binary or memory: http://ocsp.thawte.com0
    Source: firefox.exe, 0000000F.00000003.1528453097.000001777B357000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://r3.i.lencr.org/0
    Source: firefox.exe, 0000000F.00000003.1537939554.0000017773177000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1540207406.000001777282D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://r3.i.lencr.org/0.
    Source: firefox.exe, 0000000F.00000003.1537939554.0000017773177000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://r3.i.lencr.org/0W
    Source: firefox.exe, 0000000F.00000003.1537939554.0000017773177000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1540207406.000001777282D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1528453097.000001777B357000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://r3.o.lencr.org0
    Source: gmpopenh264.dll.tmp.15.dr | String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
    Source: gmpopenh264.dll.tmp.15.dr | String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
    Source: gmpopenh264.dll.tmp.15.dr | String found in binary or memory: http://ts-ocsp.ws.symantec.com07
    Source: firefox.exe, 0000000F.00000003.1437892618.000001776ED53000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.digicert.com/CPS0
    Source: gmpopenh264.dll.tmp.15.dr | String found in binary or memory: http://www.mozilla.com0
    Source: firefox.exe, 0000000F.00000003.1397857565.0000017771773000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1534047411.000001777923D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1399761593.0000017770E67000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
    Source: firefox.exe, 0000000F.00000003.1592408374.0000017771773000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1589820704.0000017771750000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1397857565.0000017771773000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulj
    Source: mozilla-temp-41.15.dr | String found in binary or memory: http://www.videolan.org/x264.html
    Source: firefox.exe, 0000000F.00000003.1537939554.0000017773177000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1528453097.000001777B357000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://x1.c.lencr.org/0
    Source: firefox.exe, 0000000F.00000003.1537939554.0000017773177000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1528453097.000001777B357000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://x1.i.lencr.org/0
    Source: firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://%LOCALE%.malware-error.mozilla.com/?url=
    Source: firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://%LOCALE%.phish-error.mozilla.com/?url=
    Source: firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://%LOCALE%.phish-report.mozilla.com/?url=
    Source: firefox.exe, 0000000F.00000003.1594603618.000001777791D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://MD8.mozilla.org/1/m
    Source: firefox.exe, 0000000F.00000003.1351064810.000001776F142000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1351487738.000001776F183000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1350899606.000001776F122000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1350618557.000001776EF00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1351245334.000001776F163000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ac.duckduckgo.com/ac/
    Source: firefox.exe, 0000000F.00000003.1596757278.0000017772745000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1542767861.0000017772745000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://account.bellmedia.c
    Source: firefox.exe, 0000000F.00000003.1572797926.0000017779205000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://accounts.firefox.com
    Source: firefox.exe, 0000000F.00000003.1538375351.0000017772F82000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://accounts.firefox.com/
    Source: firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://accounts.firefox.com/settings/clients
    Source: firefox.exe, 0000000F.00000003.1535984156.000001777323B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://accounts.firefox.comK
    Source: firefox.exe, 0000000F.00000003.1535085456.0000017777645000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1434365635.0000017771176000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1425419980.000001777B128000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1428108776.000001777B128000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1518784539.000001777118E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1521101793.0000017771177000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1434194099.000001777118E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1510043070.000001777118C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1518454343.000001777B11E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1509776071.000001777B11E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1520423361.000001777B12D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwd
    Source: firefox.exe, 0000000F.00000003.1545026355.0000017771B88000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/
    Source: firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/
    Source: firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/
    Source: firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/language-tools/
    Source: firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search-engines/
    Source: firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%
    Source: firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/themes
    Source: firefox.exe, 0000000F.00000003.1550105263.000001777802E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1593978126.0000017778046000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1572996335.000001777802E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1586879356.0000017778046000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/firefox/addon/enhancer-for-youtube/
    Source: firefox.exe, 0000000F.00000003.1550105263.000001777802E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1593978126.0000017778046000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1572996335.000001777802E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1586879356.0000017778046000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/firefox/addon/facebook-container/
    Source: firefox.exe, 0000000F.00000003.1550105263.000001777802E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1593978126.0000017778046000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1572996335.000001777802E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1586879356.0000017778046000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/firefox/addon/reddit-enhancement-suite/
    Source: firefox.exe, 0000000F.00000003.1550105263.000001777802E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1593978126.0000017778046000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1572996335.000001777802E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1586879356.0000017778046000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/to-google-translate/
    Source: firefox.exe, 0000000F.00000003.1550105263.000001777802E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1593978126.0000017778046000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1572996335.000001777802E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1586879356.0000017778046000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/wikipedia-context-menu-search/
    Source: firefox.exe, 0000000F.00000003.1589160015.0000017771B88000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1576763782.0000017771B88000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1545026355.0000017771B88000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ads-us.rd.linksynergy.com/as.php
    Source: firefox.exe, 0000000F.00000003.1399192513.00000177700A9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ads.stickyadstv.com/firefox-etp
    Source: firefox.exe, 0000000F.00000003.1587938947.000001777782B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://allegro.pl/
    Source: firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://api.accounts.firefox.com/v1
    Source: firefox.exe, 0000000F.00000003.1586879356.0000017778046000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://app.adjust.com/167k4ih?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht
    Source: firefox.exe, 0000000F.00000003.1586879356.0000017778046000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://app.adjust.com/a8bxj8j?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht
    Source: firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://apps.apple.com/app/firefox-private-safe-browser/id989804926
    Source: firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://apps.apple.com/us/app/firefox-private-network-vpn/id1489407738
    Source: firefox.exe, 0000000F.00000003.1537190604.00000177731CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1596602273.0000017772F90000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1538375351.0000017772F90000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org
    Source: firefox.exe, 0000000F.00000003.1535984156.000001777324D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/
    Source: firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VER
    Source: firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL
    Source: firefox.exe, 0000000F.00000003.1543370169.0000017771C3F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/6/Firefox/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release
    Source: firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/
    Source: firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/%blockID%.html
    Source: firefox.exe, 00000011.00000002.2562673264.0000021BD26C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2560370423.0000018FF6EE9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2564642888.000001AA96F03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.15.drString found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696490019400400000.2&ci=1696490019252.
    Source: firefox.exe, 00000011.00000002.2562673264.0000021BD26C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2560370423.0000018FF6EE9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2564642888.000001AA96F03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.15.drString found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696490019400400000.1&ci=1696490019252.12791&cta
    Source: firefox.exe, 0000000F.00000003.1586372678.00000177780AE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mo
    Source: firefox.exe, 0000000F.00000003.1423199187.000001776FE24000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1421733746.000001776FE24000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1189266
    Source: firefox.exe, 0000000F.00000003.1423199187.000001776FE24000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1421733746.000001776FE24000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1193802
    Source: firefox.exe, 0000000F.00000003.1538375351.0000017772FAE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1550591253.0000017772FAF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1539075
    Source: firefox.exe, 0000000F.00000003.1538375351.0000017772FAE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1550591253.0000017772FAF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1584464
    Source: firefox.exe, 0000000F.00000003.1538375351.0000017772FAE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1550591253.0000017772FAF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1607439
    Source: firefox.exe, 0000000F.00000003.1538375351.0000017772FAE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1550591253.0000017772FAF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1616739
    Source: firefox.exe, 0000000F.00000003.1423199187.000001776FE24000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1421733746.000001776FE24000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1678448
    Source: firefox.exe, 0000000F.00000003.1569516382.0000017770686000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1694699#c21
    Source: firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
    Source: firefox.exe, 0000000F.00000003.1351064810.000001776F142000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1351487738.000001776F183000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1350899606.000001776F122000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1350618557.000001776EF00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1351245334.000001776F163000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://completion.amazon.com/search/complete?q=
    Source: firefox.exe, 0000000F.00000003.1537190604.000001777319E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-202
    Source: firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://content.cdn.mozilla.net
    Source: firefox.exe, 00000011.00000002.2562673264.0000021BD26C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2560370423.0000018FF6EE9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2564642888.000001AA96F03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.15.drString found in binary or memory: https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg
    Source: firefox.exe, 00000011.00000002.2562673264.0000021BD26C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2560370423.0000018FF6EE9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2564642888.000001AA96F03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.15.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
    Source: firefox.exe, 0000000F.00000003.1535984156.00000177732EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com
    Source: firefox.exe, 0000000F.00000003.1535984156.000001777324D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/
    Source: firefox.exe, 0000000F.00000003.1535984156.00000177732D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1596089373.0000017773113000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/v1/tiles
    Source: firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://coverage.mozilla.org
    Source: firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://crash-stats.mozilla.org/report/index/
    Source: firefox.exe, 0000000F.00000003.1388137752.0000017773053000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1491982189.0000017773052000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/993268
    Source: firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://dap-02.api.divviup.org
    Source: firefox.exe, 0000000F.00000003.1535085456.0000017777645000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1532895360.000001777B42C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1517633242.0000017771161000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1510043070.0000017771160000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://datastudio.google.com/embed/reporting/
    Source: firefox.exe, 0000000F.00000003.1538132013.0000017773145000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1595701448.000001777314A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingDocumentWriteIgnored
    Source: firefox.exe, 0000000F.00000003.1578333495.0000017770B67000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsIEffectiveTLDServi
    Source: firefox.exe, 0000000F.00000003.1491982189.0000017773052000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/ElementCSSInlineStyle/style#setting_styles)
    Source: firefox.exe, 0000000F.00000003.1491982189.0000017773052000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Statements/for-await...of
    Source: firefox.exe, 0000000F.00000003.1388137752.0000017773053000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1491982189.0000017773052000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/Web_Components/Using_custom_elements#using_the_lifecycl
    Source: firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://developers.google.com/safe-browsing/v4/advisory
    Source: firefox.exe, 0000000F.00000003.1351064810.000001776F142000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1351487738.000001776F183000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1350899606.000001776F122000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1350618557.000001776EF00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1351245334.000001776F163000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/
    Source: firefox.exe, 0000000F.00000003.1399761593.0000017770E67000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/y
    Source: firefox.exe, 0000000F.00000003.1353025855.000001776CB33000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
    Source: firefox.exe, 0000000F.00000003.1353025855.000001776CB33000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://email.seznam.cz/newMessageScreen?mailto=%s
    Source: firefox.exe, 00000014.00000002.2561320441.000001AA96D13000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
    Source: firefox.exe, 0000000F.00000003.1401800347.000001777012C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1402440221.0000017770192000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/673d2808-e5d8-41b9-957
    Source: firefox.exe, 0000000F.00000003.1401800347.000001777012C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1402440221.0000017770192000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/706c7a85-cf23-442e-8a9
    Source: firefox.exe, 0000000F.00000003.1402440221.0000017770192000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/f0f51715-7f5e-48de-839
    Source: firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://firefox-source-docs.mozilla.org/networking/dns/trr-skip-reasons.html#
    Source: firefox.exe, 0000000F.00000003.1549609649.000001777928C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/
    Source: firefox.exe, 0000000F.00000003.1590997763.00000177779EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/
    Source: firefox.exe, 0000000F.00000003.1538375351.0000017772FD8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1596416822.0000017772FDB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1588558596.0000017772FD8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1592501277.0000017771498000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1571097351.000001777B3F8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1550591253.0000017772FD8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1552031185.0000017771498000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?colle
    Source: firefox.exe, 0000000F.00000003.1545026355.0000017771B88000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fpn.firefox.com/
    Source: firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://fpn.firefox.com/browser?utm_source=firefox-desktop&utm_medium=referral&utm_campaign=about-pr
    Source: firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://ftp.mozilla.org/pub/labs/devtools/adb-extension/#OS#/adb-extension-latest-#OS#.xpi
    Source: firefox.exe, 00000014.00000002.2561320441.000001AA96D13000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/
    Source: firefox.exe, 0000000F.00000003.1535984156.000001777324D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1538375351.0000017772F3C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2560370423.0000018FF6EC7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2561320441.000001AA96DC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
    Source: firefox.exe, 0000000F.00000003.1535085456.0000017777645000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1538375351.0000017772F3C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2560370423.0000018FF6EC7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2561320441.000001AA96DC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
    Source: firefox.exe, 00000013.00000002.2560370423.0000018FF6E2F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2561320441.000001AA96D30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=bas
    Source: firefox.exe, 0000000F.00000003.1535984156.000001777324D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtabL
    Source: firefox.exe, 0000000F.00000003.1535984156.000001777324D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/entertainment?utm_source=pocket-newtabC
    Source: firefox.exe, 0000000F.00000003.1535984156.000001777324D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/food?utm_source=pocket-newtabA
    Source: firefox.exe, 0000000F.00000003.1535984156.000001777324D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/health?utm_source=pocket-newtabE
    Source: firefox.exe, 0000000F.00000003.1535984156.000001777324D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtabG
    Source: firefox.exe, 0000000F.00000003.1535984156.000001777324D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/self-improvement?utm_source=pocket-newtab?
    Source: firefox.exe, 0000000F.00000003.1535984156.000001777324D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtabN
    Source: firefox.exe, 0000000F.00000003.1535085456.0000017777645000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2560370423.0000018FF6EC7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2561320441.000001AA96DC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tab
    Source: firefox.exe, 0000000F.00000003.1538375351.0000017772F3C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tabL
    Source: firefox.exe, 0000000F.00000003.1535984156.000001777324D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtabI
    Source: firefox.exe, 0000000F.00000003.1535984156.000001777323B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more
    Source: firefox.exe, 0000000F.00000003.1535984156.000001777324D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more/
    Source: firefox.exe, 0000000F.00000003.1535085456.0000017777645000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2560370423.0000018FF6EC7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2561320441.000001AA96DC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendations
    Source: firefox.exe, 0000000F.00000003.1538375351.0000017772F3C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendationsS
    Source: firefox.exe, 0000000F.00000003.1538375351.0000017772F3C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendationsS7
    Source: firefox.exe, 0000000F.00000003.1538375351.0000017772F3C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=basic
    Source: firefox.exe, 0000000F.00000003.1388137752.0000017773053000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1491982189.0000017773052000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/closure-compiler/issues/3177
    Source: firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report
    Source: firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cryptominers-report
    Source: firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report
    Source: firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/firefox-relay-integration
    Source: firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report
    Source: firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/search-engine-removal
    Source: firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab
    Source: firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield
    Source: firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report
    Source: firefox.exe, 0000000F.00000003.1402440221.0000017770192000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/switching-devices?utm_source=panel-def
    Source: firefox.exe, 0000000F.00000003.1402440221.0000017770192000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/switching-devices?utm_source=spotlight
    Source: firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report
    Source: firefox.exe, 0000000F.00000003.1550105263.000001777802E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1593978126.0000017778046000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1572996335.000001777802E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1586879356.0000017778046000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1586879356.000001777802E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/
    Source: firefox.exe, 0000000F.00000003.1551678152.0000017771B1D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1591963723.0000017771B1D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1576855963.0000017771B1D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1589502049.0000017771B1D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/firefox-relay-integration
    Source: firefox.exe, 0000000F.00000003.1538375351.0000017772F3C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/captive-portal
    Source: firefox.exe, 0000000F.00000003.1534047411.0000017779257000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
    Source: firefox.exe, 0000000F.00000003.1538132013.000001777315D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1595701448.000001777315D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsMediaPlatformDecoderNotFound
    Source: firefox.exe, 0000000F.00000003.1538132013.000001777315D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1595701448.000001777315D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsMediaWMFNeeded
    Source: firefox.exe, 0000000F.00000003.1564491369.0000017771D90000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1497303844.0000017771D60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings
    Source: firefox.exe, 0000000F.00000003.1542710689.000001777275F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1575576892.000001777275F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings2
    Source: firefox.exe, 0000000F.00000003.1534047411.0000017779257000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.S3DiLP_FhcLK
    Source: firefox.exe, 0000000F.00000003.1491982189.0000017773052000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tc39.github.io/ecma262/#sec-typeof-operator
    Source: firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://token.services.mozilla.com/1.0/sync/1.5
    Source: firefox.exe, 0000000F.00000003.1538132013.000001777315D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1595701448.000001777315D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-3.1
    Source: firefox.exe, 0000000F.00000003.1538132013.000001777315D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1595701448.000001777315D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-4
    Source: firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://topsites.services.mozilla.com/cid/
    Source: firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://tracking-protection-issues.herokuapp.com/new
    Source: firefox.exe, 0000000F.00000003.1545026355.0000017771B88000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://truecolors.firefox.com/
    Source: firefox.exe, 0000000F.00000003.1535984156.000001777324D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1587938947.000001777782B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
    Source: firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM
    Source: firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID
    Source: firefox.exe, 0000000F.00000003.1592501277.0000017771487000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1552031185.0000017771487000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://vk.com/
    Source: firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-%CHANNEL%-browser&utm_campaig
    Source: firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=about-pr
    Source: firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://webcompat.com/issues/new
    Source: firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://webextensions.settings.services.mozilla.com/v1
    Source: firefox.exe, 0000000F.00000003.1538375351.0000017772F3C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://webpack.js.org/concepts/mode/)
    Source: firefox.exe, 0000000F.00000003.1592501277.0000017771487000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1552031185.0000017771487000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://weibo.com/
    Source: firefox.exe, 0000000F.00000003.1388137752.0000017773053000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1491982189.0000017773052000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://wicg.github.io/construct-stylesheets/#using-constructed-stylesheets).
    Source: firefox.exe, 0000000F.00000003.1592501277.0000017771487000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1552031185.0000017771487000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1399694992.0000017770E73000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1587938947.000001777782B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.aliexpress.com/
    Source: firefox.exe, 0000000F.00000003.1587938947.000001777782B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.ca/
    Source: firefox.exe, 0000000F.00000003.1399694992.0000017770E73000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1587938947.000001777782B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.co.uk/
    Source: firefox.exe, 0000000F.00000003.1535984156.000001777324D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1587938947.000001777782B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/
    Source: firefox.exe, 00000011.00000002.2562673264.0000021BD26C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2560370423.0000018FF6EE9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2564642888.000001AA96F03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.15.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_ef0fa27a12d43fbd45649e195429e8a63ddcad7cf7e128c0
    Source: firefox.exe, 0000000F.00000003.1534525003.000001777796F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1351064810.000001776F142000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1351487738.000001776F183000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1350899606.000001776F122000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1350618557.000001776EF00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1351245334.000001776F163000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
    Source: firefox.exe, 0000000F.00000003.1537190604.000001777319E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/exec/obidos/external-search/?field-keywords=&ie=UTF-8&mode=blended&tag=mozill
    Source: firefox.exe, 0000000F.00000003.1587938947.000001777782B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.de/
    Source: firefox.exe, 0000000F.00000003.1587938947.000001777782B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.fr/
    Source: firefox.exe, 0000000F.00000003.1592501277.0000017771487000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1552031185.0000017771487000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1587938947.000001777782B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.avito.ru/
    Source: firefox.exe, 0000000F.00000003.1592501277.0000017771487000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1552031185.0000017771487000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1587938947.000001777782B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.baidu.com/
    Source: firefox.exe, 0000000F.00000003.1587938947.000001777782B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.bbc.co.uk/
    Source: firefox.exe, 0000000F.00000003.1592501277.0000017771487000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1552031185.0000017771487000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1587938947.000001777782B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ctrip.com/
    Source: gmpopenh264.dll.tmp.15.drString found in binary or memory: https://www.digicert.com/CPS0
    Source: firefox.exe, 0000000F.00000003.1587938947.000001777782B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ebay.co.uk/
    Source: firefox.exe, 0000000F.00000003.1587938947.000001777782B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ebay.de/
    Source: firefox.exe, 0000000F.00000003.1587938947.000001777782B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
    Source: firefox.exe, 0000000F.00000003.1550591253.0000017772FEC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1538375351.0000017772FEC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1588558596.0000017772FEC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/
    Source: firefox.exe, 0000000F.00000003.1550591253.0000017772FAF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search
    Source: firefox.exe, 0000000F.00000003.1351064810.000001776F142000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1351487738.000001776F183000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1350899606.000001776F122000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1350618557.000001776EF00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1351245334.000001776F163000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
    Source: firefox.exe, 0000000F.00000003.1538375351.0000017772F3C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1351064810.000001776F142000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1351487738.000001776F183000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1350899606.000001776F122000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1350618557.000001776EF00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1351245334.000001776F163000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search
    Source: firefox.exe, 0000000F.00000003.1586879356.0000017778046000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?client=firefox-b-d&q=
    Source: firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_LOCATION_SERVICE_API_KEY%
    Source: firefox.exe, 0000000F.00000003.1592501277.0000017771487000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1552031185.0000017771487000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1587938947.000001777782B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ifeng.com/
    Source: firefox.exe, 00000011.00000002.2562673264.0000021BD26C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2560370423.0000018FF6EE9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2564642888.000001AA96F03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.15.drString found in binary or memory: https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&u
    Source: firefox.exe, 0000000F.00000003.1592501277.0000017771487000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1552031185.0000017771487000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1587938947.000001777782B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.iqiyi.com/
    Source: firefox.exe, 0000000F.00000003.1399694992.0000017770E73000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1587938947.000001777782B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.leboncoin.fr/
    Source: firefox.exe, 0000000F.00000003.1538375351.0000017772FD8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1588558596.0000017772FD8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1550591253.0000017772FD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org
    Source: firefox.exe, 0000000F.00000003.1545026355.0000017771B88000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/
    Source: firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/about/legal/terms/subscription-services/
    Source: firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/releasenotes/?utm_source=firefox-browser&utm_medi
    Source: firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/tour/
    Source: firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/geolocation/
    Source: firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/new?reason=manual-update
    Source: firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/notes
    Source: firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/set-as-default/thanks/
    Source: firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/xr/
    Source: firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/privacy/subscription-services/
    Source: firefox.exe, 0000000F.00000003.1534047411.0000017779257000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.jXqaKJMO4ZEP
    Source: firefox.exe, 0000000F.00000003.1401800347.000001777012C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1402440221.0000017770192000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/legal/terms/mozilla/
    Source: firefox.exe, 0000000F.00000003.1550105263.000001777802E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1593978126.0000017778046000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1572996335.000001777802E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1586879356.0000017778046000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/anything/?
    Source: firefox.exe, 0000000F.00000003.1534047411.0000017779257000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.NYz0wxyUaYSW
    Source: firefox.exe, 0000000F.00000003.1551678152.0000017771B1D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1591963723.0000017771B1D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1576855963.0000017771B1D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1589502049.0000017771B1D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/en-US/about/legal/terms/subscription-services/
    Source: firefox.exe, 0000000F.00000003.1533485027.0000017779295000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1550105263.000001777802E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1593978126.0000017778046000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1572996335.000001777802E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1586879356.0000017778046000.00000004.00000800.00020000.00000000.sdmp, targeting.snapshot.json.tmp.15.dr | String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
    Source: firefox.exe, 0000000F.00000003.1573166730.0000017777994000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1534047411.0000017779257000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/gro.allizom.www.d
    Source: firefox.exe, 0000000F.00000003.1551678152.0000017771B1D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1591963723.0000017771B1D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1576855963.0000017771B1D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1589502049.0000017771B1D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/en-US/privacy/subscription-services/
    Source: firefox.exe, 0000000F.00000003.1534047411.0000017779257000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
    Source: firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/firefox/android/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
    Source: firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/firefox/ios/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campa
    Source: firefox.exe, 0000000F.00000003.1550105263.000001777802E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1593978126.0000017778046000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1572996335.000001777802E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1586879356.0000017778046000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/firefox/mobile/get-app/?utm_medium=firefox-desktop&utm_source=onboarding-mod
    Source: firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html
    Source: firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#crash-reporter
    Source: firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#health-report
    Source: firefox.exe, 00000014.00000002.2561320441.000001AA96DF6000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/privacy/firefox/
    Source: firefox.exe, 0000000F.00000003.1535984156.000001777324D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-contentP
    Source: firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
    Source: firefox.exe, 00000013.00000002.2560370423.0000018FF6EC7000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/privacy/firefox/J
    Source: firefox.exe, 0000000F.00000003.1535984156.000001777324D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/privacy/firefox/V
    Source: firefox.exe, 0000000F.00000003.1534047411.0000017779257000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
    Source: firefox.exe, 0000000F.00000003.1596757278.0000017772745000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1542767861.0000017772745000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com
    Source: firefox.exe, 0000000F.00000003.1538132013.0000017773145000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1587938947.000001777782B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.olx.pl/
    Source: firefox.exe, 0000000F.00000003.1532895360.000001777B42C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1587938947.000001777782B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.reddit.com/
    Source: firefox.exe, 0000000F.00000003.1569845214.0000017770647000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.tiktok.com/
    Source: firefox.exe, 0000000F.00000003.1587938947.000001777782B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.wykop.pl/
    Source: firefox.exe, 0000000F.00000003.1528190114.000001777B394000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2560370423.0000018FF6E0A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2561320441.000001AA96D0C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/
    Source: firefox.exe, 0000000F.00000003.1538132013.0000017773145000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1592501277.0000017771487000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1552031185.0000017771487000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.zhihu.com/
    Source: firefox.exe, 0000000F.00000003.1538132013.000001777315D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1595701448.000001777315D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://xhr.spec.whatwg.org/#sync-warning
    Source: firefox.exe, 0000000F.00000003.1543370169.0000017771C3F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1572240348.0000017779239000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://youtube.com
    Source: recovery.jsonlz4.tmp.15.dr | String found in binary or memory: https://youtube.com/account?=
    Source: firefox.exe, 00000014.00000002.2560865503.000001AA96CF0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://youtube.com/account?=ht
    Source: firefox.exe, 00000014.00000002.2560041868.000001AA96A5A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://youtube.com/account?=https://accoun
    Source: firefox.exe, 0000000F.00000003.1543370169.0000017771C3F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2559661468.0000021BD2280000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2560742412.0000021BD2444000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2559661468.0000021BD228A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2559841128.0000018FF6BDA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2564529351.0000018FF6F94000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2560041868.000001AA96A50000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2560041868.000001AA96A5A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2560865503.000001AA96CF4000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
    Source: firefox.exe, 0000000D.00000002.1329995485.00000296492A7000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000002.1344794420.0000021B65C9F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd--no-default-browser
    Source: firefox.exe, 00000014.00000002.2560041868.000001AA96A5A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd6
    Source: firefox.exe, 00000011.00000002.2559661468.0000021BD2280000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2560742412.0000021BD2444000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2564529351.0000018FF6F94000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2559841128.0000018FF6BD0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2560041868.000001AA96A50000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2560865503.000001AA96CF4000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdMOZ_CRASHREPORTER_RE
    Source: firefox.exe, 00000013.00000002.2559841128.0000018FF6BD0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdm
    Source: firefox.exe, 00000013.00000002.2559841128.0000018FF6BDA000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdy
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_0092EAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard, | 0_2_0092EAFF
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_0092ED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard, | 0_2_0092ED6A
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_0092EAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard, | 0_2_0092EAFF
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_0091AA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput, | 0_2_0091AA57
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_00949576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW, | 0_2_00949576

    System Summary

    Source: nmy4mJXEaz.exe | String found in binary or memory: This is a third-party compiled AutoIt script.
    Source: nmy4mJXEaz.exe, 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: This is a third-party compiled AutoIt script.memstr_5e6db099-e
    Source: nmy4mJXEaz.exe | String found in binary or memory: This is a third-party compiled AutoIt script.memstr_813f7330-7
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 19_2_0000018FF6F6BAB7 NtQuerySystemInformation, | 19_2_0000018FF6F6BAB7
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 19_2_0000018FF6F8AEB2 NtQuerySystemInformation, | 19_2_0000018FF6F8AEB2
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_0091D5EB: CreateFileW,DeviceIoControl,CloseHandle, | 0_2_0091D5EB
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_00911201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock, | 0_2_00911201
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_0091E8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState, | 0_2_0091E8F6
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_00922046 | 0_2_00922046
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_008B8060 | 0_2_008B8060
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_00918298 | 0_2_00918298
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_008EE4FF | 0_2_008EE4FF
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_008E676B | 0_2_008E676B
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_00944873 | 0_2_00944873
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_008DCAA0 | 0_2_008DCAA0
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_008BCAF0 | 0_2_008BCAF0
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_008CCC39 | 0_2_008CCC39
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_008E6DD9 | 0_2_008E6DD9
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_008B91C0 | 0_2_008B91C0
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_008CB119 | 0_2_008CB119
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_008D1394 | 0_2_008D1394
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_008D1706 | 0_2_008D1706
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_008D781B | 0_2_008D781B
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_008D19B0 | 0_2_008D19B0
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_008B7920 | 0_2_008B7920
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_008C997D | 0_2_008C997D
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_008D7A4A | 0_2_008D7A4A
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_008D7CA7 | 0_2_008D7CA7
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_008D1C77 | 0_2_008D1C77
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_008E9EEE | 0_2_008E9EEE
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_0093BE44 | 0_2_0093BE44
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_008D1F32 | 0_2_008D1F32
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 19_2_0000018FF6F6BAB7 | 19_2_0000018FF6F6BAB7
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 19_2_0000018FF6F8AEB2 | 19_2_0000018FF6F8AEB2
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 19_2_0000018FF6F8B5DC | 19_2_0000018FF6F8B5DC
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 19_2_0000018FF6F8AEF2 | 19_2_0000018FF6F8AEF2
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: String function: 008B9CB3 appears 31 times
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: String function: 008CF9F2 appears 40 times
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: String function: 008D0A30 appears 46 times
    Source: nmy4mJXEaz.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: classification engine | Classification label: mal80.troj.evad.winEXE@34/34@69/12
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_009237B5 GetLastError,FormatMessageW, | 0_2_009237B5
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_009110BF AdjustTokenPrivileges,CloseHandle, | 0_2_009110BF
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_009116C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError, | 0_2_009116C3
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_009251CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode, | 0_2_009251CD
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_0091D4DC CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle, | 0_2_0091D4DC
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_0092648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize, | 0_2_0092648E
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_008B42A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource, | 0_2_008B42A2
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | File created: C:\Users\user\AppData\Local\Mozilla\Firefox\SkeletonUILock-c388d246
    Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7616:120:WilError_03
    Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7936:120:WilError_03
    Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7752:120:WilError_03
    Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7872:120:WilError_03
    Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7816:120:WilError_03
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | File created: C:\Users\user~1\AppData\Local\Temp\firefox
    Source: nmy4mJXEaz.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Windows\SysWOW64\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Program Files\Mozilla Firefox\firefox.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
    Source: firefox.exe, 0000000F.00000003.1533485027.0000017779295000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1572797926.0000017779205000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT * FROM events WHERE timestamp BETWEEN date(:dateFrom) AND date(:dateTo);
    Source: firefox.exe, 0000000F.00000003.1572797926.0000017779205000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE events (id INTEGER PRIMARY KEY, type INTEGER NOT NULL, count INTEGER NOT NULL, timestamp DATE );
    Source: firefox.exe, 0000000F.00000003.1572797926.0000017779205000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: INSERT INTO events (type, count, timestamp) VALUES (:type, 1, date(:date));
    Source: firefox.exe, 0000000F.00000003.1572797926.0000017779205000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;
    Source: firefox.exe, 0000000F.00000003.1549609649.000001777928C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT sum(count) FROM events;
    Source: firefox.exe, 0000000F.00000003.1572797926.0000017779205000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;Fy6
    Source: firefox.exe, 0000000F.00000003.1572797926.0000017779205000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: UPDATE events SET count = count + 1 WHERE id = :id;-
    Source: firefox.exe, 0000000F.00000003.1572797926.0000017779205000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT sum(count) FROM events;9'
    Source: firefox.exe, 0000000F.00000003.1572797926.0000017779205000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT sum(count) FROM events;9
    Source: firefox.exe, 0000000F.00000003.1572797926.0000017779205000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT * FROM events WHERE type = :type AND timestamp = date(:date);
    Source: nmy4mJXEaz.exe | Virustotal: Detection: 31%
    Source: nmy4mJXEaz.exe | ReversingLabs: Detection: 31%
    Source: unknown | Process created: C:\Users\user\Desktop\nmy4mJXEaz.exe "C:\Users\user\Desktop\nmy4mJXEaz.exe"
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
    Source: unknown | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2276 -parentBuildID 20230927232528 -prefsHandle 2212 -prefMapHandle 2196 -prefsLen 25302 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a88f283e-260f-41c2-8125-1c83f1c927d6} 8040 "\\.\pipe\gecko-crash-server-pipe.8040" 1775f570310 socket
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4032 -parentBuildID 20230927232528 -prefsHandle 3304 -prefMapHandle 2148 -prefsLen 26317 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3434a4e1-a5d0-4ddf-b0a9-4b5eaa32d90a} 8040 "\\.\pipe\gecko-crash-server-pipe.8040" 1775f543e10 rdd
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5204 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5196 -prefMapHandle 5192 -prefsLen 33185 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {89d3bde1-2b74-4e03-89ad-74b30b45474d} 8040 "\\.\pipe\gecko-crash-server-pipe.8040" 17770a46110 utility
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2276 -parentBuildID 20230927232528 -prefsHandle 2212 -prefMapHandle 2196 -prefsLen 25302 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a88f283e-260f-41c2-8125-1c83f1c927d6} 8040 "\\.\pipe\gecko-crash-server-pipe.8040" 1775f570310 socket
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: unknown unknown (listed 2 times)
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4032 -parentBuildID 20230927232528 -prefsHandle 3304 -prefMapHandle 2148 -prefsLen 26317 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3434a4e1-a5d0-4ddf-b0a9-4b5eaa32d90a} 8040 "\\.\pipe\gecko-crash-server-pipe.8040" 1775f543e10 rdd
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: unknown unknown (listed 2 times)
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5204 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5196 -prefMapHandle 5192 -prefsLen 33185 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {89d3bde1-2b74-4e03-89ad-74b30b45474d} 8040 "\\.\pipe\gecko-crash-server-pipe.8040" 17770a46110 utility
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: unknown unknown (listed 3 times)
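The process list above is the behaviour worth alerting on rather than the file hash: taskkill /F /IM ... /T against firefox.exe, chrome.exe, msedge.exe, opera.exe and brave.exe, then firefox.exe relaunched with --kiosk on a youtube.com URL whose query string carries a second URL on accounts.google.com, with --disable-popup-blocking so nothing interrupts the page. The Python below is an added example, not code from the report or from Joe Sandbox. It correlates process-creation records with Sysmon Event ID 1-style fields (pid, ppid, image, cmdline) per parent process and reports a parent that kills one or more browsers and afterwards starts a browser in kiosk mode on a sign-in host, including a sign-in URL hidden inside another URL's query string. The records are constructed: the PIDs, the ts ordinals, the LOGIN_HOSTS set and the two benign noise records are assumptions, while the command lines are the ones the report shows.

```python
import re
from urllib.parse import urlparse

# Browser image names the sample kills with taskkill /F /IM <name> /T.
BROWSERS = {"firefox.exe", "chrome.exe", "msedge.exe", "opera.exe", "brave.exe"}

# Assumption: identity-provider hosts worth flagging when they appear in a
# kiosk-mode launch, either as the page itself or embedded in its query.
LOGIN_HOSTS = {"accounts.google.com", "login.microsoftonline.com", "login.live.com"}

TASKKILL_IM_RE = re.compile(r'/IM\s+"?([^\s"]+)', re.IGNORECASE)
KIOSK_RE = re.compile(r'--kiosk\s+(?:"([^"]*)"|(\S+))', re.IGNORECASE)
URL_RE = re.compile(r"https?://[^\s&\"']+", re.IGNORECASE)


def image_name(path):
    """Lower-cased file name of a Windows image path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def taskkill_target(cmdline):
    """Image name given to taskkill /IM, or None if the line has no /IM."""
    m = TASKKILL_IM_RE.search(cmdline)
    return m.group(1).lower() if m else None


def kiosk_url(cmdline):
    """URL that follows --kiosk (quoted or bare), or None."""
    m = KIOSK_RE.search(cmdline)
    return (m.group(1) or m.group(2)) if m else None


def login_host_in(url):
    """Return a LOGIN_HOSTS member that is either the URL's own host or the
    host of a second URL embedded in its query string (the sample puts
    accounts.google.com behind a youtube.com front), else None."""
    outer = urlparse(url)
    host = (outer.hostname or "").lower()
    if host in LOGIN_HOSTS:
        return host
    for inner in URL_RE.findall(outer.query):
        inner_host = (urlparse(inner).hostname or "").lower()
        if inner_host in LOGIN_HOSTS:
            return inner_host
    return None


def find_browser_kiosk_chains(events):
    """Correlate, per parent process, taskkill /IM <browser> calls followed
    by a browser started with --kiosk on a sign-in page.

    events: iterable of dicts with keys ts (sortable), pid, ppid, image, cmdline.
    Returns one finding per offending kiosk launch; order matters, so a
    kiosk launch that precedes the kills is not reported.
    """
    by_parent = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_parent.setdefault(ev["ppid"], []).append(ev)

    findings = []
    for ppid, children in by_parent.items():
        killed = []
        for ev in children:
            name = image_name(ev["image"])
            if name == "taskkill.exe":
                target = taskkill_target(ev["cmdline"])
                if target in BROWSERS:
                    killed.append(target)
            elif name in BROWSERS and killed:
                url = kiosk_url(ev["cmdline"])
                host = login_host_in(url) if url else None
                if host:
                    findings.append({
                        "parent_pid": ppid,
                        "killed": sorted(set(killed)),
                        "browser": name,
                        "kiosk_url": url,
                        "login_host": host,
                    })
    return findings


# Constructed records modelled on the report's process tree. PIDs and the
# ts ordinals are made up; the command lines are the ones the report shows.
FF = r"C:\Program Files\Mozilla Firefox\firefox.exe"
SAMPLE = r"C:\Users\user\Desktop\nmy4mJXEaz.exe"
SAMPLE_EVENTS = [
    {"ts": 1, "pid": 100, "ppid": 1, "image": SAMPLE, "cmdline": f'"{SAMPLE}"'},
] + [
    {"ts": 2 + i, "pid": 101 + i, "ppid": 100,
     "image": r"C:\Windows\SysWOW64\taskkill.exe",
     "cmdline": f"taskkill /F /IM {b} /T"}
    for i, b in enumerate(["firefox.exe", "chrome.exe", "msedge.exe", "opera.exe", "brave.exe"])
] + [
    {"ts": 7, "pid": 106, "ppid": 100, "image": FF,
     "cmdline": f'"{FF}" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking'},
    # Benign noise (constructed): a helpdesk script closing an editor under
    # another parent, and a signage kiosk launched with no browser kills.
    {"ts": 8, "pid": 200, "ppid": 50, "image": r"C:\Windows\System32\taskkill.exe",
     "cmdline": "taskkill /F /IM notepad.exe"},
    {"ts": 9, "pid": 201, "ppid": 60, "image": FF,
     "cmdline": f'"{FF}" --kiosk https://signage.example.internal/board'},
]


if __name__ == "__main__":
    for hit in find_browser_kiosk_chains(SAMPLE_EVENTS):
        print(f"parent {hit['parent_pid']}: killed {', '.join(hit['killed'])}, "
              f"then {hit['browser']} --kiosk on {hit['login_host']} ({hit['kiosk_url']})")
```

Run it directly to print the single hit from the constructed records. The signage launch under a parent that killed nothing is not reported, and kills with no later kiosk launch are not reported either. In a real pipeline the grouping by ppid should also be bounded by a time window, otherwise a long-lived parent such as a shell accumulates kills indefinitely and a much later legitimate kiosk launch would trip the rule.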
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Section loaded: wsock32.dll
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Section loaded: version.dll
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Section loaded: winmm.dll
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Section loaded: mpr.dll
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Section loaded: wininet.dll
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Section loaded: iphlpapi.dll
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Section loaded: userenv.dll
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Section loaded: uxtheme.dll
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Section loaded: kernel.appcore.dll
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Section loaded: windows.storage.dll
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Section loaded: wldp.dll
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Section loaded: napinsp.dll
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Section loaded: pnrpnsp.dll
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Section loaded: wshbth.dll
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Section loaded: nlaapi.dll
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Section loaded: mswsock.dll
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Section loaded: dnsapi.dll
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Section loaded: winrnr.dll
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Section loaded: fwpuclnt.dll
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Section loaded: rasadhlp.dll
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Section loaded: sspicli.dll
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Section loaded: profapi.dll
    (The eight Winsock name-space provider DLLs napinsp.dll through fwpuclnt.dll, which ws2_32 loads for name lookups, are listed 12 times in the report in the same order; rasadhlp.dll follows the first repetition and sspicli.dll and profapi.dll sit between the fourth and the fifth.)
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: version.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: mpr.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: framedynos.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: dbghelp.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: sspicli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: srvcli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: netutils.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: kernel.appcore.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: wbemcomn.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: winsta.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: amsi.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: userenv.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: profapi.dll
    (The 13 entries above are repeated once for each of the five taskkill.exe instances; the order of sspicli.dll and dbghelp.dll varies between instances and the last instance lists sspicli.dll twice.)
    Source: Window Recorder | Window detected: More than 3 window changes detected
    Source: nmy4mJXEaz.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
    Source: nmy4mJXEaz.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
    Source: nmy4mJXEaz.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
    Source: nmy4mJXEaz.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: nmy4mJXEaz.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
    Source: nmy4mJXEaz.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
    Source: nmy4mJXEaz.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.15.dr
    Source: Binary string: wshbth.pdbGCTL source: firefox.exe, 0000000F.00000003.1483981627.000001776EDB2000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: NapiNSP.pdbUGP source: firefox.exe, 0000000F.00000003.1481706511.000001776EDA1000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: wshbth.pdb source: firefox.exe, 0000000F.00000003.1483981627.000001776EDB2000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: pnrpnsp.pdb source: firefox.exe, 0000000F.00000003.1482280821.000001776EDA6000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: NapiNSP.pdb source: firefox.exe, 0000000F.00000003.1481706511.000001776EDA1000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: netprofm.pdb source: firefox.exe, 0000000F.00000003.1482859429.000001776EDB1000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.15.dr
    Source: Binary string: pnrpnsp.pdbUGP source: firefox.exe, 0000000F.00000003.1482280821.000001776EDA6000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: netprofm.pdbUGP source: firefox.exe, 0000000F.00000003.1482859429.000001776EDB1000.00000004.00000020.00020000.00000000.sdmp
    Source: nmy4mJXEaz.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
    Source: nmy4mJXEaz.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
    Source: nmy4mJXEaz.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
    Source: nmy4mJXEaz.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
    Source: nmy4mJXEaz.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_008B42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_008B42DE
    Source: gmpopenh264.dll.tmp.15.dr | Static PE information: section name: .rodata
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_008D0A76 push ecx; ret 0_2_008D0A89
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_008CF98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_008CF98E
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_00941C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,0_2_00941C41
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Process information set: NOOPENFILEERRORBOX (listed 2 times)
    Source: C:\Windows\SysWOW64\taskkill.exe | Process information set: NOOPENFILEERRORBOX (listed 5 times)

    Malware Analysis System Evasion

    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 19_2_0000018FF6F6BAB7 rdtsc 19_2_0000018FF6F6BAB7
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | API coverage: 3.8 %
    Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
    Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
    Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
    Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
    Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_0091DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_0091DBBE
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_008EC2A2 FindFirstFileExW,0_2_008EC2A2
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_009268EE FindFirstFileW,FindClose,0_2_009268EE
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_0092698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_0092698F
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_0091D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0091D076
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_0091D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0091D3A9
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_00929642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00929642
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_0092979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_0092979D
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_00929B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00929B2B
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_00925C97 FindFirstFileW,FindNextFileW,FindClose,0_2_00925C97
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_008B42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_008B42DE
    Source: nmy4mJXEaz.exe, 00000000.00000003.1390867187.0000000000E8F000.00000004.00000020.00020000.00000000.sdmp, nmy4mJXEaz.exe, 00000000.00000003.1389147295.0000000000E46000.00000004.00000020.00020000.00000000.sdmp, nmy4mJXEaz.exe, 00000000.00000003.1390056337.0000000000E53000.00000004.00000020.00020000.00000000.sdmp, nmy4mJXEaz.exe, 00000000.00000003.1389625076.0000000000E4E000.00000004.00000020.00020000.00000000.sdmp, nmy4mJXEaz.exe, 00000000.00000003.1390645929.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2559661468.0000021BD228A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2559841128.0000018FF6BDA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2564965058.0000018FF7420000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2564419424.000001AA96E00000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
    Source: firefox.exe, 00000011.00000002.2565599694.0000021BD2720000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
    Source: firefox.exe, 00000013.00000002.2564965058.0000018FF7420000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlli
    Source: nmy4mJXEaz.exe, 00000000.00000002.1398650375.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, nmy4mJXEaz.exe, 00000000.00000003.1389147295.0000000000E46000.00000004.00000020.00020000.00000000.sdmp, nmy4mJXEaz.exe, 00000000.00000003.1392234192.0000000000E5E000.00000004.00000020.00020000.00000000.sdmp, nmy4mJXEaz.exe, 00000000.00000003.1392178128.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, nmy4mJXEaz.exe, 00000000.00000003.1390056337.0000000000E53000.00000004.00000020.00020000.00000000.sdmp, nmy4mJXEaz.exe, 00000000.00000003.1389625076.0000000000E4E000.00000004.00000020.00020000.00000000.sdmp, nmy4mJXEaz.exe, 00000000.00000003.1390645929.0000000000E55000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: %SystemRoot%\System32\winrnr.dllHyper-V RAW
    Source: firefox.exe, 00000014.00000002.2560041868.000001AA96A5A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW08
    Source: nmy4mJXEaz.exe, 00000000.00000003.1390867187.0000000000E8F000.00000004.00000020.00020000.00000000.sdmp, nmy4mJXEaz.exe, 00000000.00000003.1389147295.0000000000E46000.00000004.00000020.00020000.00000000.sdmp, nmy4mJXEaz.exe, 00000000.00000003.1390056337.0000000000E53000.00000004.00000020.00020000.00000000.sdmp, nmy4mJXEaz.exe, 00000000.00000003.1389625076.0000000000E4E000.00000004.00000020.00020000.00000000.sdmp, nmy4mJXEaz.exe, 00000000.00000003.1390645929.0000000000E55000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW_
    Source: firefox.exe, 00000011.00000002.2566362123.0000021BD2800000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2564965058.0000018FF7420000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
    Source: firefox.exe, 00000013.00000002.2564965058.0000018FF7420000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllC
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Process information queried: ProcessInformation
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 19_2_0000018FF6F6BAB7 rdtsc 19_2_0000018FF6F6BAB7
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_0092EAA2 BlockInput,0_2_0092EAA2
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_008E2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_008E2622
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_008B42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_008B42DE
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_008D4CE8 mov eax, dword ptr fs:[00000030h] 0_2_008D4CE8
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_00910B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_00910B62
    Source: C:\Windows\SysWOW64\taskkill.exe | Process token adjusted: Debug
    Source: C:\Windows\SysWOW64\taskkill.exe | Process token adjusted: Debug
    Source: C:\Windows\SysWOW64\taskkill.exe | Process token adjusted: Debug
    Source: C:\Windows\SysWOW64\taskkill.exe | Process token adjusted: Debug
    Source: C:\Windows\SysWOW64\taskkill.exe | Process token adjusted: Debug
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_008E2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_008E2622
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_008D083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_008D083F
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_008D09D5 SetUnhandledExceptionFilter,0_2_008D09D5
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_008D0C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_008D0C21
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_00911201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_00911201
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_008F2BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,0_2_008F2BA5
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_0091B226 SendInput,keybd_event,0_2_0091B226
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_009322DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,0_2_009322DA
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_00910B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_00910B62
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_00911663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,0_2_00911663
    Source: nmy4mJXEaz.exe | Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
    Source: nmy4mJXEaz.exe | Binary or memory string: Shell_TrayWnd
    Source: firefox.exe, 0000000F.00000003.1438506140.000001777B801000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: hSoftware\Policies\Microsoft\Windows\PersonalizationNoChangingStartMenuBackgroundPersonalColors_BackgroundWilStaging_02RtlDisownModuleHeapAllocationRtlQueryFeatureConfigurationRtlRegisterFeatureConfigurationChangeNotificationRtlSubscribeWnfStateChangeNotificationRtlDllShutdownInProgressntdll.dllNtQueryWnfStateDataLocal\SM0:%d:%d:%hs_p0Local\SessionImmersiveColorPreferenceBEGINTHMthmfile\Sessions\%d\Windows\ThemeSectionMessageWindowendthemewndThemeApiConnectionRequest\ThemeApiPortwinsta0SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\PersonalizeAppsUseLightThemeSystemUsesLightThemedefaultshell\themes\uxtheme\render.cppCompositedWindow::WindowdeletedrcacheMDIClientSoftware\Microsoft\Windows\DWMColorPrevalenceSoftware\Microsoft\Windows\CurrentVersion\ImmersiveShellTabletModeMENUAccentColorSoftware\Microsoft\Windows\CurrentVersion\Explorer\AccentDefaultStartColorControl Panel\DesktopAutoColorizationAccentColorMenuStartColorMenuAutoColorSoftware\Microsoft\Windows\CurrentVersion\Themes\History\ColorsSoftware\Microsoft\Windows\CurrentVersion\Themes\HistoryAccentPaletteTab$Shell_TrayWndLocal\SessionImmersiveColorMutex
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_008D0698 cpuid 0_2_008D0698
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_0090D21C GetLocalTime,0_2_0090D21C
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_0090D27A GetUserNameW,0_2_0090D27A
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_008EB952 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,0_2_008EB952
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_008B42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_008B42DE

    Stealing of Sensitive Information

    Source: Yara match | File source: Process Memory Space: nmy4mJXEaz.exe PID: 7552, type: MEMORYSTR
    Source: nmy4mJXEaz.exe | Binary or memory string: WIN_81
    Source: nmy4mJXEaz.exe | Binary or memory string: WIN_XP
    Source: nmy4mJXEaz.exe | Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
    Source: nmy4mJXEaz.exe | Binary or memory string: WIN_XPe
    Source: nmy4mJXEaz.exe | Binary or memory string: WIN_VISTA
    Source: nmy4mJXEaz.exe | Binary or memory string: WIN_7
    Source: nmy4mJXEaz.exe | Binary or memory string: WIN_8

    Remote Access Functionality

    Source: Yara match | File source: Process Memory Space: nmy4mJXEaz.exe PID: 7552, type: MEMORYSTR
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_00931204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,0_2_00931204
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe | Code function: 0_2_00931806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,0_2_00931806
    MITRE ATT&CK Matrix

    Tactics in the matrix: Reconnaissance, Resource Development, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration, Impact. Only techniques carrying a badge in the matrix are listed below; the badge shown before each technique is reproduced as it appears in the report. Matrix cells without a badge (including all of Reconnaissance, Resource Development, Lateral Movement and Exfiltration) had no matching signature.

    Initial Access: 2 Valid Accounts
    Execution: 1 Windows Management Instrumentation; 1 Native API
    Persistence: 1 DLL Side-Loading; 2 Valid Accounts
    Privilege Escalation: 1 Exploitation for Privilege Escalation; 1 DLL Side-Loading; 1 Extra Window Memory Injection; 2 Valid Accounts; 21 Access Token Manipulation; 2 Process Injection
    Defense Evasion: 2 Disable or Modify Tools; 1 Deobfuscate/Decode Files or Information; 2 Obfuscated Files or Information; 1 DLL Side-Loading; 1 Extra Window Memory Injection; 1 Masquerading; 2 Valid Accounts; 1 Virtualization/Sandbox Evasion; 21 Access Token Manipulation; 2 Process Injection
    Credential Access: 21 Input Capture
    Discovery: 2 System Time Discovery; 1 Account Discovery; 2 File and Directory Discovery; 16 System Information Discovery; 131 Security Software Discovery; 1 Virtualization/Sandbox Evasion; 3 Process Discovery; 1 Application Window Discovery; 1 System Owner/User Discovery
    Collection: 1 Archive Collected Data; 21 Input Capture; 3 Clipboard Data
    Command and Control: 2 Ingress Tool Transfer; 12 Encrypted Channel; 2 Non-Application Layer Protocol; 3 Application Layer Protocol
    Impact: 1 System Shutdown/Reboot
    Behavior Graph (ID: 1575336, Sample: nmy4mJXEaz.exe, Startdate: 15/12/2024, Architecture: WINDOWS, Score: 80)

    Top-level signatures: Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file; Yara detected Credential Flusher; 3 other signatures. Contacted: youtube.com, youtube-ui.l.google.com, 34 other IPs or domains.
    nmy4mJXEaz.exe (signatures: Binary is likely a compiled AutoIt script file; Found API chain indicative of sandbox detection) started taskkill.exe three times plus 3 other processes; each taskkill.exe started conhost.exe.
    firefox.exe started a child firefox.exe, which started three further firefox.exe processes, dropped C:\Users\user\AppData\...\gmpopenh264.dll.tmp (PE32+) and C:\Users\user\...\gmpopenh264.dll (copy) (PE32+), and contacted youtube.com (142.250.181.78, port 443, from ports 49715, 49717; GOOGLEUS, United States), prod.detectportal.prod.cloudops.mozgcp.net (34.107.221.82, from ports 49716, 49727, 49728; GOOGLEUS, United States) and 10 other IPs or domains.

    Antivirus detection

    Source | Detection | Scanner | Label
    nmy4mJXEaz.exe | 32% | Virustotal |
    nmy4mJXEaz.exe | 32% | ReversingLabs | Win32.Ransomware.Generic
    nmy4mJXEaz.exe | 100% | Avira | TR/ATRAPS.Gen
    nmy4mJXEaz.exe | 100% | Joe Sandbox ML |

    Source | Detection | Scanner | Label
    C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | 0% | ReversingLabs |
    C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | 0% | ReversingLabs |

    No Antivirus matches
    No Antivirus matches

    Source | Detection | Scanner | Label
    https://truecolors.firefox.com/ | 0% | Avira URL Cloud | safe
    Contacted domains

    Name | IP | Active | Malicious | Antivirus Detection | Reputation
    example.org | 93.184.215.14 | true | false | | high
    star-mini.c10r.facebook.com | 157.240.196.35 | true | false | | high
    prod.classify-client.prod.webservices.mozgcp.net | 35.190.72.216 | true | false | | high
    prod.balrog.prod.cloudops.mozgcp.net | 35.244.181.201 | true | false | | high
    twitter.com | 104.244.42.193 | true | false | | high
    prod.detectportal.prod.cloudops.mozgcp.net | 34.107.221.82 | true | false | | high
    services.addons.mozilla.org | 151.101.193.91 | true | false | | high
    dyna.wikimedia.org | 185.15.58.224 | true | false | | high
    prod.remote-settings.prod.webservices.mozgcp.net | 34.149.100.209 | true | false | | high
    contile.services.mozilla.com | 34.117.188.166 | true | false | | high
    youtube.com | 142.250.181.78 | true | false | | high
    prod.content-signature-chains.prod.webservices.mozgcp.net | 34.160.144.191 | true | false | | high
    youtube-ui.l.google.com | 172.217.19.206 | true | false | | high
    us-west1.prod.sumo.prod.webservices.mozgcp.net | 34.149.128.2 | true | false | | high
    reddit.map.fastly.net | 151.101.129.140 | true | false | | high
    ipv4only.arpa | 192.0.0.171 | true | false | | high
    prod.ads.prod.webservices.mozgcp.net | 34.117.188.166 | true | false | | high
    push.services.mozilla.com | 34.107.243.93 | true | false | | high
    normandy-cdn.services.mozilla.com | 35.201.103.21 | true | false | | high
    telemetry-incoming.r53-2.services.mozilla.com | 34.120.208.123 | true | false | | high
    www.reddit.com | unknown | unknown | false | | high
    spocs.getpocket.com | unknown | unknown | false | | high
    content-signature-2.cdn.mozilla.net | unknown | unknown | false | | high
    support.mozilla.org | unknown | unknown | false | | high
    firefox.settings.services.mozilla.com | unknown | unknown | false | | high
    www.youtube.com | unknown | unknown | false | | high
    www.facebook.com | unknown | unknown | false | | high
    detectportal.firefox.com | unknown | unknown | false | | high
    normandy.cdn.mozilla.net | unknown | unknown | false | | high
    shavar.services.mozilla.com | unknown | unknown | false | | high
    www.wikipedia.org | unknown | unknown | false | | high
    URLs found in memory or binary data

    Name | Source | Malicious | Antivirus Detection | Reputation
    https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox- | firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmp | false | | high
    https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l | firefox.exe, 0000000F.00000003.1535085456.0000017777645000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1538375351.0000017772F3C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2560370423.0000018FF6EC7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2561320441.000001AA96DC4000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER% | firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmp | false | | high
    https://datastudio.google.com/embed/reporting/ | firefox.exe, 0000000F.00000003.1535085456.0000017777645000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1532895360.000001777B42C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1517633242.0000017771161000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1510043070.0000017771160000.00000004.00000800.00020000.00000000.sdmp | false | | high
    http://www.mozilla.com0 | gmpopenh264.dll.tmp.15.dr | false | | high
    https://developer.mozilla.org/en-US/docs/Web/Web_Components/Using_custom_elements#using_the_lifecycl | firefox.exe, 0000000F.00000003.1388137752.0000017773053000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1491982189.0000017773052000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://merino.services.mozilla.com/api/v1/suggest | firefox.exe, 00000011.00000002.2562673264.0000021BD2672000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2560370423.0000018FF6E86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2561320441.000001AA96D8F000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect | firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmp | false | | high
    https://www.leboncoin.fr/ | firefox.exe, 0000000F.00000003.1399694992.0000017770E73000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1587938947.000001777782B000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://spocs.getpocket.com/spocs | firefox.exe, 0000000F.00000003.1595519762.00000177731CB000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://www.amazon.com/exec/obidos/external-search/?field-keywords=&ie=UTF-8&mode=blended&tag=mozill | firefox.exe, 0000000F.00000003.1537190604.000001777319E000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://shavar.services.mozilla.com | firefox.exe, 0000000F.00000003.1538132013.000001777315D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1595701448.000001777315D000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://completion.amazon.com/search/complete?q= | firefox.exe, 0000000F.00000003.1351064810.000001776F142000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1351487738.000001776F183000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1350899606.000001776F122000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1350618557.000001776EF00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1351245334.000001776F163000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report | firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmp | false | | high
    https://ads.stickyadstv.com/firefox-etp | firefox.exe, 0000000F.00000003.1399192513.00000177700A9000.00000004.00000800.00020000.00000000.sdmp | false | |
                                                                                                high
                                                                                                https://identity.mozilla.com/ids/ecosystem_telemetryUfirefox.exe, 0000000F.00000003.1572851604.00000177780B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1593805580.00000177780BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1549837879.00000177780B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1586372678.00000177780B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tabfirefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://monitor.firefox.com/breach-details/firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://github.com/w3c/csswg-drafts/issues/4650firefox.exe, 0000000F.00000003.1538375351.0000017772FAE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1550591253.0000017772FAF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEMfirefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://xhr.spec.whatwg.org/#sync-warningfirefox.exe, 0000000F.00000003.1538132013.000001777315D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1595701448.000001777315D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://www.amazon.com/exec/obidos/external-search/firefox.exe, 0000000F.00000003.1534525003.000001777796F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1351064810.000001776F142000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1351487738.000001776F183000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1350899606.000001776F122000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1350618557.000001776EF00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1351245334.000001776F163000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://www.msn.comfirefox.exe, 0000000F.00000003.1596757278.0000017772745000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1542767861.0000017772745000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://github.com/mozilla-services/screenshotsfirefox.exe, 0000000F.00000003.1351064810.000001776F142000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1350899606.000001776F122000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1350618557.000001776EF00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1351245334.000001776F163000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://services.addons.mozilla.org/api/v4/addons/addon/firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/switching-devices?utm_source=panel-deffirefox.exe, 0000000F.00000003.1402440221.0000017770192000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://tracking-protection-issues.herokuapp.com/newfirefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-reportfirefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://support.mozilla.org/products/firefoxgro.allizom.troppus.S3DiLP_FhcLKfirefox.exe, 0000000F.00000003.1534047411.0000017779257000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://app.adjust.com/167k4ih?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=htfirefox.exe, 0000000F.00000003.1586879356.0000017778046000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-reportfirefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://api.accounts.firefox.com/v1firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://ok.ru/firefox.exe, 0000000F.00000003.1592501277.0000017771487000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1552031185.0000017771487000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://www.amazon.com/firefox.exe, 0000000F.00000003.1535984156.000001777324D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1587938947.000001777782B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=118.0&pver=2.2firefox.exe, 0000000F.00000003.1538375351.0000017772F3C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protectionsfirefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://www.youtube.com/firefox.exe, 0000000F.00000003.1528190114.000001777B394000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2560370423.0000018FF6E0A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2561320441.000001AA96D0C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shieldfirefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://MD8.mozilla.org/1/mfirefox.exe, 0000000F.00000003.1594603618.000001777791D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://www.bbc.co.uk/firefox.exe, 0000000F.00000003.1587938947.000001777782B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://addons.mozilla.org/firefox/addon/to-google-translate/firefox.exe, 0000000F.00000003.1550105263.000001777802E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1593978126.0000017778046000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1572996335.000001777802E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1586879356.0000017778046000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=firefox.exe, 0000000F.00000003.1535984156.000001777324D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1538375351.0000017772F3C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2560370423.0000018FF6EC7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2561320441.000001AA96DC4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        http://127.0.0.1:firefox.exe, 0000000F.00000003.1575723047.0000017771C3F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1543370169.0000017771C3F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152firefox.exe, 0000000F.00000003.1578333495.0000017770B67000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://bugzilla.mofirefox.exe, 0000000F.00000003.1586372678.00000177780AE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://mitmdetection.services.mozilla.com/firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://static.adsafeprotected.com/firefox-etp-jsfirefox.exe, 0000000F.00000003.1399192513.00000177700A9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://youtube.com/account?=recovery.jsonlz4.tmp.15.drfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpgfirefox.exe, 00000011.00000002.2562673264.0000021BD26C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2560370423.0000018FF6EE9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2564642888.000001AA96F03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.15.drfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://spocs.getpocket.com/firefox.exe, 00000014.00000002.2561320441.000001AA96D13000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://services.addons.mozilla.org/api/v4/abuse/report/addon/firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%firefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-ffirefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://www.iqiyi.com/firefox.exe, 0000000F.00000003.1592501277.0000017771487000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1552031185.0000017771487000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1587938947.000001777782B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_rfirefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://monitor.firefox.com/user/breach-stats?includeResolved=truefirefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-reportfirefox.exe, 00000011.00000002.2562160643.0000021BD24C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2563561933.0000018FF6F00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2560368483.000001AA96A90000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://addons.mozilla.org/firefox.exe, 0000000F.00000003.1545026355.0000017771B88000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://merino.services.mozilla.com/api/v1/suggestaboutfirefox.exe, 00000011.00000002.2562673264.0000021BD2672000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2560370423.0000018FF6E86000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://bugzilla.mozilla.org/show_bug.cgi?id=1584464firefox.exe, 0000000F.00000003.1538375351.0000017772FAE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1550591253.0000017772FAF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                                                                                                        • No. of IPs < 25%
                                                                                                                                                                                                                                                                        • 25% < No. of IPs < 50%
                                                                                                                                                                                                                                                                        • 50% < No. of IPs < 75%
                                                                                                                                                                                                                                                                        • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
34.149.100.209 | prod.remote-settings.prod.webservices.mozgcp.net | United States | 2686 | ATGS-MMD-AS (US) | false
34.107.243.93 | push.services.mozilla.com | United States | 15169 | GOOGLE (US) | false
34.107.221.82 | prod.detectportal.prod.cloudops.mozgcp.net | United States | 15169 | GOOGLE (US) | false
35.244.181.201 | prod.balrog.prod.cloudops.mozgcp.net | United States | 15169 | GOOGLE (US) | false
34.117.188.166 | contile.services.mozilla.com | United States | 139070 | GOOGLE-AS-AP Google Asia Pacific Pte Ltd (SG) | false
35.201.103.21 | normandy-cdn.services.mozilla.com | United States | 15169 | GOOGLE (US) | false
151.101.193.91 | services.addons.mozilla.org | United States | 54113 | FASTLY (US) | false
35.190.72.216 | prod.classify-client.prod.webservices.mozgcp.net | United States | 15169 | GOOGLE (US) | false
142.250.181.78 | youtube.com | United States | 15169 | GOOGLE (US) | false
34.160.144.191 | prod.content-signature-chains.prod.webservices.mozgcp.net | United States | 2686 | ATGS-MMD-AS (US) | false
34.120.208.123 | telemetry-incoming.r53-2.services.mozilla.com | United States | 15169 | GOOGLE (US) | false
                                                                                                                                                                                                                                                                        IP
                                                                                                                                                                                                                                                                        127.0.0.1
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1575336
Start date and time: 2024-12-15 09:23:17 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 14s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 25
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: nmy4mJXEaz.exe
renamed because original name is a hash value
Original Sample Name: e9f4f5b56fea82ed8a63d8d31a25f17d.exe
Detection: MAL
Classification: mal80.troj.evad.winEXE@34/34@69/12
EGA Information:
• Successful, ratio: 50%
HCA Information:
• Successful, ratio: 96%
• Number of executed functions: 50
• Number of non-executed functions: 294
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 35.85.93.176, 44.228.225.150, 54.213.181.160, 142.250.181.138, 142.250.181.106, 172.217.17.46, 88.221.134.209, 88.221.134.155, 13.107.246.63, 23.218.208.109, 4.175.87.197
• Excluded domains from analysis (whitelisted): fs.microsoft.com, shavar.prod.mozaws.net, ciscobinary.openh264.org, otelrules.azureedge.net, slscr.update.microsoft.com, incoming.telemetry.mozilla.org, ctldl.windowsupdate.com, a17.rackcdn.com.mdc.edgesuite.net, detectportal.prod.mozaws.net, aus5.mozilla.org, time.windows.com, fe3cr.delivery.mp.microsoft.com, a19.dscg10.akamai.net, redirector.gvt1.com, safebrowsing.googleapis.com, location.services.mozilla.com
• Not all processes were analyzed; the report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtCreateFile calls found.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
03:24:28 | API Interceptor | 1x Sleep call for process: firefox.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name
34.117.188.166 | 6eftz6UKDm.exe | malicious | Credential Flusher
34.117.188.166 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar
34.117.188.166 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc
34.117.188.166 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig
34.117.188.166 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VenomRAT, Vidar
34.117.188.166 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar
34.117.188.166 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar
34.117.188.166 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, Vidar
34.117.188.166 | file.exe | malicious | Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig
34.117.188.166 | file.exe | malicious | Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig
151.101.193.91 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VenomRAT, Vidar
151.101.193.91 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar
151.101.193.91 | file.exe | malicious | Credential Flusher
151.101.193.91 | file.exe | malicious | Credential Flusher
151.101.193.91 | file.exe | malicious | Credential Flusher
151.101.193.91 | file.exe | malicious | Credential Flusher
151.101.193.91 | file.exe | malicious | Amadey, Credential Flusher, Stealc, Vidar
151.101.193.91 | file.exe | malicious | Credential Flusher
151.101.193.91 | file.exe | malicious | Credential Flusher
151.101.193.91 | file.exe | malicious | Credential Flusher
34.149.100.209 | 6eftz6UKDm.exe | malicious | Credential Flusher
34.149.100.209 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VenomRAT, Vidar
34.149.100.209 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar
34.149.100.209 | file.exe | malicious | Credential Flusher
34.149.100.209 | file.exe | malicious | Credential Flusher
34.149.100.209 | file.exe | malicious | Credential Flusher
34.149.100.209 | file.exe | malicious | Credential Flusher
34.149.100.209 | file.exe | malicious | Credential Flusher
34.149.100.209 | file.exe | malicious | Credential Flusher
34.149.100.209 | file.exe | malicious | Credential Flusher
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match: example.org
6eftz6UKDm.exe | Get hash | malicious | Credential Flusher | Browse | 93.184.215.14
file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | Browse | 93.184.215.14
file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc | Browse | 93.184.215.14
file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig | Browse | 93.184.215.14
file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VenomRAT, Vidar | Browse | 93.184.215.14
file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | Browse | 93.184.215.14
file.exe | Get hash | malicious | Amadey, LummaC Stealer, Stealc, Vidar, Xmrig | Browse | 93.184.215.14
file.exe | Get hash | malicious | Amadey, AsyncRAT, HVNC, LummaC Stealer, RedLine, Stealc | Browse | 93.184.215.14
file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | Browse | 93.184.215.14
file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, Vidar | Browse | 93.184.215.14
Match: star-mini.c10r.facebook.com
6eftz6UKDm.exe | Get hash | malicious | Credential Flusher | Browse | 157.240.196.35
file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc | Browse | 157.240.196.35
file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VenomRAT, Vidar | Browse | 157.240.196.35
file.exe | Get hash | malicious | Amadey, LummaC Stealer, Stealc, Vidar, Xmrig | Browse | 157.240.196.35
https://qr.me-qr.com/nl/sWBHqqwx | Get hash | malicious | Unknown | Browse | 157.240.196.35
file.exe | Get hash | malicious | Amadey, AsyncRAT, HVNC, LummaC Stealer, RedLine, Stealc | Browse | 157.240.196.35
file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | Browse | 157.240.196.35
file.exe | Get hash | malicious | Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig | Browse | 157.240.196.35
file.exe | Get hash | malicious | Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig | Browse | 157.240.196.35
file.exe | Get hash | malicious | Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig | Browse | 157.240.196.35
Match: twitter.com
6eftz6UKDm.exe | Get hash | malicious | Credential Flusher | Browse | 104.244.42.193
file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc | Browse | 104.244.42.1
file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VenomRAT, Vidar | Browse | 104.244.42.129
file.exe | Get hash | malicious | Amadey, LummaC Stealer, Stealc, Vidar, Xmrig | Browse | 104.244.42.65
file.exe | Get hash | malicious | Amadey, AsyncRAT, HVNC, LummaC Stealer, RedLine, Stealc | Browse | 104.244.42.193
file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | Browse | 104.244.42.1
file.exe | Get hash | malicious | Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig | Browse | 104.244.42.65
file.exe | Get hash | malicious | Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig | Browse | 104.244.42.193
file.exe | Get hash | malicious | Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig | Browse | 104.244.42.1
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match: GOOGLE-AS-APGoogleAsiaPacificPteLtdSG
6eftz6UKDm.exe | Get hash | malicious | Credential Flusher | Browse | 34.117.188.166
file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | Browse | 34.117.188.166
file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc | Browse | 34.117.188.166
file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig | Browse | 34.117.188.166
file.exe | Get hash | malicious | ScreenConnect Tool, Amadey, LummaC Stealer, PureLog Stealer, Vidar, Xmrig | Browse | 34.117.59.81
file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VenomRAT, Vidar | Browse | 34.117.188.166
file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | Browse | 34.117.188.166
TRC.mpsl.elf | Get hash | malicious | Mirai | Browse | 34.66.152.246
TRC.sh4.elf | Get hash | malicious | Mirai | Browse | 34.65.156.142
file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | Browse | 34.117.188.166
Match: FASTLYUS
6eftz6UKDm.exe | Get hash | malicious | Credential Flusher | Browse | 151.101.65.91
rebirth.arm5.elf | Get hash | malicious | Mirai, Okiru | Browse | 104.156.89.37
LaRHzSijsq.exe | Get hash | malicious | DCRat | Browse
                                                                                                                                                                                                                                                                                                                                    • 185.199.109.133
                                                                                                                                                                                                                                                                                                                                    file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VenomRAT, VidarBrowse
                                                                                                                                                                                                                                                                                                                                    • 151.101.193.91
                                                                                                                                                                                                                                                                                                                                    3edTbzftGf.exeGet hashmaliciousDiscord Token Stealer, DotStealerBrowse
                                                                                                                                                                                                                                                                                                                                    • 185.199.109.133
                                                                                                                                                                                                                                                                                                                                    c56uoWlDXp.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                    • 185.199.111.133
                                                                                                                                                                                                                                                                                                                                    PO_0099822111ORDER.jsGet hashmaliciousRemcosBrowse
                                                                                                                                                                                                                                                                                                                                    • 151.101.193.137
                                                                                                                                                                                                                                                                                                                                    file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                                                                    • 151.101.193.91
                                                                                                                                                                                                                                                                                                                                    https://www.google.co.ao/url?Obdy=ObM8wNGVUva21gnTm3qS&cgsr=7knoOQwChvIkzgfn0TSm&sa=t&wofc=nQYL5DF797O1da77PTBQ&url=amp%2Fprimer-distrito-amvt.org%2F.r%2F7T2aAE-SUREDANNYWthbnNoYS5rYW5vZGlhQGx0aW1pbmR0cmVlLmNvbQ==Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                                                                    • 151.101.66.137
                                                                                                                                                                                                                                                                                                                                    https://u13974777.ct.sendgrid.net/ls/click?upn=u001.1GFl1p-2BBYL-2Bhgs5F-2B0NOkrtNxvRU5lHyHn9X7Gay0rMweTw4Bty7YorCE1pBfo679HN2Nod-2BfRWA-2FvzNVU6n0ycgVO9YFLntVOrRszMr10A-3DE-mj_xaXJc0NsC5WAXuVv6HNgzGH9nxkzD8xRdi-2BQVNVTAgV30zfSKc1z4I-2Bc6Qx1hEzdtXusfFTLvSScqQmgK1DgmCe6NsmhCnbLpmZI7EPM56c0IpOXy2jX8FUofqX-2FLwkrDNu-2BJ8VdkhW-2BcibVgB56YvBarWAJ68QdVLDk-2BreYFAbG2RxK5FI2ZOf8OuVaYqzfkm-2FGiI9tY4Y1XN-2FN7Uh8Vtzi-2FP-2B8s9qjOHBuznAYsq-2B4GCewCcJExgcNnMrLH-2B3Pv6vH6wzFQkN2aMTddwwaWvcIkZYQDF7aLn1FYUQMocCkCTJEmkArX-2Bdrge72rYVSFN-2FsI6AAcwN5SA74y-2B4g6Q-3D-3DGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                    • 151.101.65.44
                                                                                                                                                                                                                                                                                                                                    ATGS-MMD-ASUS6eftz6UKDm.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                    • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                    file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                                                                    • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                    file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                                                                                                                                    • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                    rebirth.sh4.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                                                                                                                                    • 57.162.2.122
                                                                                                                                                                                                                                                                                                                                    rebirth.arm.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                                                                                                                                    • 48.105.135.114
                                                                                                                                                                                                                                                                                                                                    sh4.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                                                                                                                                    • 48.183.87.136
                                                                                                                                                                                                                                                                                                                                    powerpc.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                                                                                                                                    • 33.54.211.134
                                                                                                                                                                                                                                                                                                                                    sparc.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                                                                                                                                    • 48.133.95.30
                                                                                                                                                                                                                                                                                                                                    file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, XmrigBrowse
                                                                                                                                                                                                                                                                                                                                    • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                    x86_32.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                                                                                                                                    • 48.231.67.69
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                                                                                                                    • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                    • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                    • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                    file.exeGet hashmaliciousAmadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, XmrigBrowse
                                                                                                                                                                                                                                                                                                                                    • 151.101.193.91
                                                                                                                                                                                                                                                                                                                                    • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                    • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                    • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                    • 34.120.208.123
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)
  6eftz6UKDm.exe | malicious | Credential Flusher
  file.exe | malicious | Credential Flusher
  file.exe | malicious | Credential Flusher
  file.exe | malicious | Credential Flusher
  file.exe | malicious | Credential Flusher
  file.exe | malicious | Credential Flusher
  file.exe | malicious | Credential Flusher
  file.exe | malicious | Credential Flusher
  file.exe | malicious | Credential Flusher
  Pl8Tb06C8A.exe | malicious | Credential Flusher
Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: JSON data
Category: dropped
Size (bytes): 7957
Entropy (8bit): 5.168764849418485
Encrypted: false
SSDEEP: 192:skMvMXEm5cbhbVbTbfbRbObtbyEl7norNJA6unSrDtTkd/S9Q:skFxcNhnzFSJIrI1nSrDhkd/cQ
MD5: 05742C67CFE0B8816187223864D6E84F
SHA1: B58DA80ABB9BCDC6AA710434FE0481EE2287CB72
SHA-256: 3F2F2AD79B08DC95D6719994FE5F034AD305294A74AE97077E69F993006D7CD3
SHA-512: D6F58EC66CA84B07DF3D42616EA303F16C1A1540FBB91996B4BAE361EE0EAA6858BF4554E6AD2AFF6EAD5E1CA10B7F57A908876B8FF5231CCB6B69377C3C6462
Malicious: false
Preview: {"type":"uninstall","id":"a12cae39-d5bb-4697-8164-0f971c367335","creationDate":"2024-12-15T09:51:15.381Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"a12d1cd1-4ce7-42ab-ae29-5c019c43f6ba","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I
Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: JSON data
Category: dropped
Size (bytes): 7957
Entropy (8bit): 5.168764849418485
Encrypted: false
SSDEEP: 192:skMvMXEm5cbhbVbTbfbRbObtbyEl7norNJA6unSrDtTkd/S9Q:skFxcNhnzFSJIrI1nSrDhkd/cQ
MD5: 05742C67CFE0B8816187223864D6E84F
SHA1: B58DA80ABB9BCDC6AA710434FE0481EE2287CB72
SHA-256: 3F2F2AD79B08DC95D6719994FE5F034AD305294A74AE97077E69F993006D7CD3
SHA-512: D6F58EC66CA84B07DF3D42616EA303F16C1A1540FBB91996B4BAE361EE0EAA6858BF4554E6AD2AFF6EAD5E1CA10B7F57A908876B8FF5231CCB6B69377C3C6462
Malicious: false
Preview: {"type":"uninstall","id":"a12cae39-d5bb-4697-8164-0f971c367335","creationDate":"2024-12-15T09:51:15.381Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"a12d1cd1-4ce7-42ab-ae29-5c019c43f6ba","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I
Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
Category: dropped
Size (bytes): 32768
Entropy (8bit): 0.4593089050301797
Encrypted: false
SSDEEP: 48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
MD5: D910AD167F0217587501FDCDB33CC544
SHA1: 2F57441CEFDC781011B53C1C5D29AC54835AFC1D
SHA-256: E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
SHA-512: F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
Malicious: false
Preview: ... ftypisom....isomiso2avc1mp41....free....mdat..........E...H..,. .#..x264 - core 152 r2851 ba24899 - H.264/MPEG-4 AVC codec - Copyleft 2003-2017 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=4 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00......e...+...s|.kG3...'.u.."...,J.w.~.d\..(K....!.+..;....h....(.T.*...M......0..~L..8..B..A.y..R..,.zBP.';j.@.].w..........c......C=.'f....gI.$^.......m5V.L...{U..%V[....8......B..i..^,....:...,..5.m.%dA....moov...lmvhd...................(...........
Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: Zip archive data, at least v2.0 to extract, compression method=deflate
Category: dropped
Size (bytes): 453023
Entropy (8bit): 7.997718157581587
Encrypted: true
SSDEEP: 12288:tESTeqTI2r4ZbCgUKWKNeRcPMb6qlV7hVZe3:tEsed2Xh9/bdzZe3
MD5: 85430BAED3398695717B0263807CF97C
SHA1: FFFBEE923CEA216F50FCE5D54219A188A5100F41
SHA-256: A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E
SHA-512: 06511F1F6C6D44D076B3C593528C26A602348D9C41689DBF5FF716B671C3CA5756B12CB2E5869F836DEDCE27B1A5CFE79B93C707FD01F8E84B620923BB61B5F1
Malicious: false
Preview: PK.........bN...R..........gmpopenh264.dll..|.E.0.=..I.....1....4f1q.`.........q.....'+....h*m{.z..o_.{w........$..($A!...|L...B&A2.s.{..Dd......c.U.U..9u.S...K.l`...../.d.-....|.....&....9......wn..x......i.#O.+.Y.l......+....,3.3f..\..c.SSS,............N...GG...F.'.&.:'.K.Z&.>.@.g..M...M.`...*.........ZR....^jg.G.Kb.o~va.....<Z..1.#.O.e.....D..X..i..$imBW..Q&.......P.....,M.,..:.c...-...\......*.....-i.K.I..4.a..6..*...Ov=...W..F.CH.>...a.'.x...#@f...d..u.1....OV.1o}....g.5.._.3.J.Hi.Z.ipM....b.Z....%.G..F................/..3.q..J.....o...%.g.N.*.}..).3.N%.!..q*........^I.m..~...6.#.~+.....A...I]r...x..*.<IYj....p0..`S.M@.E..f.=.;!.@.....E..E....... .0.n....Jd..d......uM.-.qI.lR..z..=}..r.D.XLZ....x.$..|c.1.cUkM.&.Qn]..a]t.h..*.!.6 7..Jd.DvKJ"Wgd*%n...w...Jni.inmr.@M.$'Z.s....#)%..Rs..:.h....R....\..t.6..'.g.........Uj+F.cr:|..!..K.W.Y...17......,....r.....>.N..3.R.Y.._\...Ir.DNJdM... .k...&V-....z.%...-...D..i..&...6....7.2T).>..0..%.&.

Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: JSON data
Category: dropped
Size (bytes): 4514
Entropy (8bit): 4.937899827621438
Encrypted: false
SSDEEP: 96:8S+OcaPUFqOdwNIOdvtkeQjvYZUBLLW8P:8S+Oc+UAOdwiOdKeQjDLLW8P
MD5: 2D789EA25B6942C4E51DA4061E3220C3
SHA1: EE5968C26649D6CC747C649C985A41F7920A2486
SHA-256: 1F6A3C8601D012D8B1B4E8ED99C8D289D449D2EF4B773ECBA001E3BE204B4A77
SHA-512: 379C80E6CA802B5A694B594A892F17765EB9B8860AA5330F3CA7C16ACDB2D7059A7D4FC51AD5E5674E51233F3D5392BE614173E34B4BE1FE0CE948ABCFD93FC7
Malicious: false
Preview: {"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"csvImport":true},"enabled":true,"featureId":"cm-csv-import"}]},"active":true,"enrollmentId":"d14ccc2f-033b-49c7-a2e0-d7a247e302f1","experimentType":"rollout","source":"rs-loader","userFacingName":"CSV Import (Release Rollout)","userFacingDescription":"This rollout enables users to import logins from a CSV file from the about:logins page.","lastSeen":"2023-10-05T07:41:33.819Z","featureIds":["cm-csv-import"],"prefs":[{"name":"signon.management.page.fileImport.enabled","branch":"default","featureId":"cm-csv-import","variable":"csvImport","originalValue":false}],"isRollout":true},"mixed-content-level-2-roll-out-release-113":{"slug":"mixed-content-level-2-roll-out-release-113","branch":{"slug":"control","ratio":1,"feature":{"value":{},"enabled":false,"featureId

Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: JSON data
Category: dropped
Size (bytes): 4514
Entropy (8bit): 4.937899827621438
Encrypted: false
SSDEEP: 96:8S+OcaPUFqOdwNIOdvtkeQjvYZUBLLW8P:8S+Oc+UAOdwiOdKeQjDLLW8P
MD5: 2D789EA25B6942C4E51DA4061E3220C3
SHA1: EE5968C26649D6CC747C649C985A41F7920A2486
SHA-256: 1F6A3C8601D012D8B1B4E8ED99C8D289D449D2EF4B773ECBA001E3BE204B4A77
SHA-512: 379C80E6CA802B5A694B594A892F17765EB9B8860AA5330F3CA7C16ACDB2D7059A7D4FC51AD5E5674E51233F3D5392BE614173E34B4BE1FE0CE948ABCFD93FC7
Malicious: false
Preview: {"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"csvImport":true},"enabled":true,"featureId":"cm-csv-import"}]},"active":true,"enrollmentId":"d14ccc2f-033b-49c7-a2e0-d7a247e302f1","experimentType":"rollout","source":"rs-loader","userFacingName":"CSV Import (Release Rollout)","userFacingDescription":"This rollout enables users to import logins from a CSV file from the about:logins page.","lastSeen":"2023-10-05T07:41:33.819Z","featureIds":["cm-csv-import"],"prefs":[{"name":"signon.management.page.fileImport.enabled","branch":"default","featureId":"cm-csv-import","variable":"csvImport","originalValue":false}],"isRollout":true},"mixed-content-level-2-roll-out-release-113":{"slug":"mixed-content-level-2-roll-out-release-113","branch":{"slug":"control","ratio":1,"feature":{"value":{},"enabled":false,"featureId

Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: Mozilla lz4 compressed data, originally 23432 bytes
Category: dropped
Size (bytes): 5318
Entropy (8bit): 6.62067557672702
Encrypted: false
SSDEEP: 96:V2YbKsKNU2xWrp327tGmD4wBON6h6cHaJVJuZMd0JGkkrwLUe:VTx2x2t0FDJ4NpwZMd0EJwLv
MD5: A0DD0256A122A64D1C1A98C36F89F368
SHA1: B82AF63B4A4261477DA4CD2AC34B4DD7BB5EBEA0
SHA-256: EE9278644D02739D27E4FD9D8006AD49D9A0D80AD251BA2C3F144A408F65A9F3
SHA-512: ED3AE377C1AD9E6694307CC60554665058541DD2BB80FEB1832616ACE39623E842DB3CD9153771ABD1874703DCBF4B81CABE050E2F2553D723A96A163AA41911
Malicious: false
Preview: mozLz40..[....{"app-system-defaults":{"addon....formautofill@mozilla.org&..Gdependencies":[],"enabled":true,"lastModifiedTime":1695865283000,"loader":null,"path":s.....xpi","recommendationStateA...rootURI":"jar:file:///C:/Program%20Files/M.......refox/browser/features/...... !/...unInSafeMode..wsignedD...telemetryKey..7%40R...:1.0.1","version":"..`},"pic..#in.....T.n..w...........S.......(.[......0....0"},"screenshots..T.r.....[.......(.V....-39.......},"webcompat-reporter...Ofals..&.z.....[.......(.]....=1.5.............<.)....p....d......1.z.!18...5.....startupData...pX.astentL..!er...webRequest%..onBefore...[[{"incognitoi.UtabId..!yp...."main_frame"],"url...."*://login.microsoftonline.com/*","..@us/*L.dwindows...},["blocking"]],...Iimag...https://smartT.".f.....etp/facebook.svg",...Aplay*....8`script...P.....-....-testbed.herokuapp\.`shims_..3.jsh.bexampl|.......Pexten{..Q../?..s...S.J/_2..@&_3U..s7.addthis . ic...officialK......-angularjs/current/dist(..t.min.js...track.adB...net/s

Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: Mozilla lz4 compressed data, originally 23432 bytes
Category: dropped
Size (bytes): 5318
Entropy (8bit): 6.62067557672702
Encrypted: false
SSDEEP: 96:V2YbKsKNU2xWrp327tGmD4wBON6h6cHaJVJuZMd0JGkkrwLUe:VTx2x2t0FDJ4NpwZMd0EJwLv
MD5: A0DD0256A122A64D1C1A98C36F89F368
SHA1: B82AF63B4A4261477DA4CD2AC34B4DD7BB5EBEA0
SHA-256: EE9278644D02739D27E4FD9D8006AD49D9A0D80AD251BA2C3F144A408F65A9F3
SHA-512: ED3AE377C1AD9E6694307CC60554665058541DD2BB80FEB1832616ACE39623E842DB3CD9153771ABD1874703DCBF4B81CABE050E2F2553D723A96A163AA41911
Malicious: false
Preview: mozLz40..[....{"app-system-defaults":{"addon....formautofill@mozilla.org&..Gdependencies":[],"enabled":true,"lastModifiedTime":1695865283000,"loader":null,"path":s.....xpi","recommendationStateA...rootURI":"jar:file:///C:/Program%20Files/M.......refox/browser/features/...... !/...unInSafeMode..wsignedD...telemetryKey..7%40R...:1.0.1","version":"..`},"pic..#in.....T.n..w...........S.......(.[......0....0"},"screenshots..T.r.....[.......(.V....-39.......},"webcompat-reporter...Ofals..&.z.....[.......(.]....=1.5.............<.)....p....d......1.z.!18...5.....startupData...pX.astentL..!er...webRequest%..onBefore...[[{"incognitoi.UtabId..!yp...."main_frame"],"url...."*://login.microsoftonline.com/*","..@us/*L.dwindows...},["blocking"]],...Iimag...https://smartT.".f.....etp/facebook.svg",...Aplay*....8`script...P.....-....-testbed.herokuapp\.`shims_..3.jsh.bexampl|.......Pexten{..Q../?..s...S.J/_2..@&_3U..s7.addthis . ic...officialK......-angularjs/current/dist(..t.min.js...track.adB...net/s
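The two "Mozilla lz4 compressed data" entries above are Firefox profile files in Mozilla's mozLz4 container: an 8-byte magic `mozLz40\0`, a 4-byte little-endian decompressed size (the "originally 23432 bytes" the report prints) and then one raw LZ4 block. An analyst who pulls these files out of the sandbox has to unwrap them before reading the JSON inside. The decoder below is an added example written for this page; it is not Joe Sandbox or Firefox code, and its input bytes are constructed by hand rather than taken from the report, so that each branch of the LZ4 block format (length extensions, overlapping match copies, the literal-only final sequence) is exercised and malformed input is rejected instead of crashing.

```python
"""Dependency-free decoder for Firefox mozLz4 files (e.g. addonStartup.json.lz4).

Layout: 8-byte magic b"mozLz40\\0", a 4-byte little-endian decompressed size
(the "originally N bytes" a sandbox report prints), then one raw LZ4 block.
"""
import json
import struct

MOZLZ4_MAGIC = b"mozLz40\0"


def _read_extension(src: bytes, i: int, length: int) -> tuple:
    """LZ4 length extension: keep adding bytes until one is not 255."""
    while True:
        if i >= len(src):
            raise ValueError("truncated length extension")
        b = src[i]
        i += 1
        length += b
        if b != 255:
            return length, i


def lz4_block_decompress(src: bytes, expected_size: int) -> bytes:
    """Decode one raw LZ4 block and insist the result matches the declared size."""
    out = bytearray()
    i, n = 0, len(src)
    while i < n:
        token = src[i]
        i += 1
        # High nibble: literal run length (15 means "read extension bytes").
        lit_len = token >> 4
        if lit_len == 15:
            lit_len, i = _read_extension(src, i, lit_len)
        if i + lit_len > n:
            raise ValueError("truncated literals")
        out += src[i:i + lit_len]
        i += lit_len
        if i >= n:
            break  # the final sequence carries literals only, no match
        if i + 2 > n:
            raise ValueError("truncated match offset")
        offset = src[i] | (src[i + 1] << 8)  # little-endian, counts back from here
        i += 2
        if offset == 0 or offset > len(out):
            raise ValueError(f"match offset {offset} points outside the output")
        # Low nibble: match length minus the 4-byte minimum (15 means extension).
        match_len = (token & 0x0F) + 4
        if (token & 0x0F) == 15:
            match_len, i = _read_extension(src, i, match_len)
        if len(out) + match_len > expected_size:
            raise ValueError("match overruns the declared decompressed size")
        # Copy byte by byte: offset < match_len is legal and means "repeat a run".
        start = len(out) - offset
        for k in range(match_len):
            out.append(out[start + k])
    if len(out) != expected_size:
        raise ValueError(f"decoded {len(out)} bytes, header says {expected_size}")
    return bytes(out)


def mozlz4_decompress(data: bytes) -> bytes:
    """Strip the mozLz4 header and decode the block it wraps."""
    if len(data) < 12 or data[:8] != MOZLZ4_MAGIC:
        raise ValueError("not a mozLz4 file")
    (size,) = struct.unpack_from("<I", data, 8)
    return lz4_block_decompress(data[12:], size)


def mozlz4_load_json(data: bytes):
    """Convenience for the JSON payloads Firefox stores this way."""
    return json.loads(mozlz4_decompress(data).decode("utf-8"))


def mozlz4_is_well_formed(data: bytes) -> bool:
    """Triage helper: True only if the file decodes cleanly to its declared size."""
    try:
        mozlz4_decompress(data)
        return True
    except ValueError:
        return False


# Constructed samples (not taken from the report), hand-encoded so that each
# decoder path is exercised. Sequence 1 of JSON_BLOCK: token 0xF7 = 15 literals
# plus extension byte 7 (22 literals), then an 11-byte match (7 + 4) at offset 22.
# Sequence 2: token 0xA0 = 10 literals and no match (final sequence).
JSON_PLAIN = b'{"schema":6,"addons":[{"schema":6,"id":1}]}'
JSON_BLOCK = (b"\xf7\x07" + b'{"schema":6,"addons":[' + b"\x16\x00"
              + b"\xa0" + b',"id":1}]}')
SAMPLE_MOZLZ4 = MOZLZ4_MAGIC + struct.pack("<I", len(JSON_PLAIN)) + JSON_BLOCK

# A run: 1 literal "A", then a 99-byte match at offset 1 (15 + 4 + extension 80),
# then 5 trailing literals, i.e. 105 x "A". Offset 1 forces the overlapping copy.
RUN_BLOCK = b"\x1fA\x01\x00\x50" + b"\x50AAAAA"
RUN_PLAIN = b"A" * 105

if __name__ == "__main__":
    print(mozlz4_load_json(SAMPLE_MOZLZ4))
```

On a real profile file the same call is `mozlz4_load_json(open(path, "rb").read())`; where the python-lz4 package is available, `lz4.block.decompress(data[8:])` performs the identical unwrapping, since that function expects exactly the size-prefixed block that follows the magic. The size check matters in triage: a file whose block does not decode to the header's size has been truncated or tampered with and should not be trusted as profile state.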

Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: JSON data
Category: dropped
Size (bytes): 24
Entropy (8bit): 3.91829583405449
Encrypted: false
SSDEEP: 3:YWGifTJE6iHQ:YWGif9EE
MD5: 3088F0272D29FAA42ED452C5E8120B08
SHA1: C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
SHA-256: D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
SHA-512: B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
Malicious: false
Preview: {"schema":6,"addons":[]}

Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: JSON data
Category: dropped
Size (bytes): 24
Entropy (8bit): 3.91829583405449
Encrypted: false
SSDEEP: 3:YWGifTJE6iHQ:YWGif9EE
MD5: 3088F0272D29FAA42ED452C5E8120B08
SHA1: C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
SHA-256: D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                                                                                                                                                                                                                                                                                                        SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{"schema":6,"addons":[]}
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, user version 5, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 8, cookie 0x6, schema 4, largest root page 8, UTF-8, vacuum mode 1, version-valid-for 4
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):262144
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.04905141882491872
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24:DLSvwae+Q8Uu50xj0aWe9LxYkKA25Q5tvAA:DKwae+QtMImelekKDa5
                                                                                                                                                                                                                                                                                                                                                        MD5:8736A542C5564A922C47B19D9CC5E0F2
                                                                                                                                                                                                                                                                                                                                                        SHA1:CE9D58967DA9B5356D6C1D8A482F9CE74DA9097A
                                                                                                                                                                                                                                                                                                                                                        SHA-256:97CE5D8AFBB0AA610219C4FAC3927E32C91BFFD9FD971AF68C718E7B27E40077
                                                                                                                                                                                                                                                                                                                                                        SHA-512:99777325893DC7A95FD49B2DA18D32D65F97CC7A8E482D78EDC32F63245457FA5A52750800C074D552D20B6A215604161FDC88763D93C76A8703470C3064196B
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j......|....~.}.}z}-|.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):66
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.837595020998689
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                                                                                                                                                                                                                                                                                                        MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                                                                                                                                                                                                                                                                                                        SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                                                                                                                                                                                                                                                                                                        SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                                                                                                                                                                                                                                                                                                        SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):66
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.837595020998689
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                                                                                                                                                                                                                                                                                                        MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                                                                                                                                                                                                                                                                                                        SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                                                                                                                                                                                                                                                                                                        SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                                                                                                                                                                                                                                                                                                        SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
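The two rows above are 66-byte files of type "Mozilla lz4 compressed data, originally 56 bytes", written by firefox.exe when the browser was launched during the analysis (two rows with identical hashes are two dropped files with the same content). mozLz4 is Firefox's own container for profile state: an 8-byte magic `mozLz40\0`, a 4-byte little-endian decompressed size, then a single raw LZ4 block. The report marks them Malicious:false, and the way to confirm that for yourself, rather than trusting the Preview column, is to decompress the dropped file offline and read what the browser actually wrote. The example below is added here and is not code from Joe Sandbox or Mozilla. It implements the LZ4 block decoder in plain Python with no third-party dependency, enforces the declared size so a tampered header cannot make the decoder copy more than promised, and includes a small triage helper for the three file kinds seen in these rows (mozLz4, SQLite 3, JSON). The sample stream is assembled by hand to match the 66-byte size and the printable preview shown above; the 56-byte plaintext `{"v":1,"crashes":{},"countsByDay":{},"corruptDate":null}` is constructed to be consistent with that preview and is not data taken from the report, and `sandbox_preview` is an approximation of how the report renders non-printable bytes.

```python
"""Decode Firefox mozLz4 files as they appear among a sandbox's dropped files.

Added example for this report; not code from Joe Sandbox or Mozilla.
The sample stream below is constructed by hand.
"""
import json
import struct

MOZLZ4_MAGIC = b"mozLz40\0"           # 8-byte magic used by Firefox profile files
SQLITE_MAGIC = b"SQLite format 3\0"   # 16-byte header of SQLite 3 databases


def lz4_block_decompress(src: bytes, expected_size: int) -> bytes:
    """Decode one raw LZ4 block (no frame header), as stored inside mozLz4.

    Each sequence is: token | literal-length extension | literals |
    match offset (2 bytes LE) | match-length extension. The last sequence
    carries literals only. The declared size is enforced throughout.
    """
    out = bytearray()
    i, n = 0, len(src)
    while i < n:
        token = src[i]
        i += 1
        lit_len = token >> 4
        if lit_len == 15:                      # length continues in extra bytes
            while True:
                b = src[i]
                i += 1
                lit_len += b
                if b != 255:
                    break
        if i + lit_len > n:
            raise ValueError("corrupt LZ4 block: literals run past input")
        out += src[i:i + lit_len]
        i += lit_len
        if i >= n:
            break                              # final sequence: no match follows
        offset = src[i] | (src[i + 1] << 8)
        i += 2
        if offset == 0 or offset > len(out):
            raise ValueError("corrupt LZ4 block: match offset outside output")
        match_len = (token & 0x0F) + 4         # minimum match is 4 bytes
        if (token & 0x0F) == 15:
            while True:
                b = src[i]
                i += 1
                match_len += b
                if b != 255:
                    break
        if len(out) + match_len > expected_size:
            raise ValueError("corrupt LZ4 block: output exceeds declared size")
        start = len(out) - offset
        for k in range(match_len):             # byte-wise copy: matches may overlap
            out.append(out[start + k])
    if len(out) != expected_size:
        raise ValueError(f"size mismatch: header says {expected_size}, got {len(out)}")
    return bytes(out)


def mozlz4_decompress(data: bytes) -> bytes:
    """Validate the mozLz4 header and return the decompressed payload."""
    if len(data) < 12 or data[:8] != MOZLZ4_MAGIC:
        raise ValueError("not a mozLz4 file (bad magic)")
    (size,) = struct.unpack_from("<I", data, 8)
    try:
        return lz4_block_decompress(data[12:], size)
    except IndexError:
        raise ValueError("corrupt LZ4 block: truncated input") from None


def classify_dropped_file(data: bytes) -> str:
    """Rough file-type triage for the kinds of rows in this report."""
    if data.startswith(MOZLZ4_MAGIC):
        return "mozlz4"
    if data.startswith(SQLITE_MAGIC):
        return "sqlite3"
    if data[:1] in (b"{", b"["):
        return "json"
    return "data"


def sandbox_preview(data: bytes) -> str:
    """Approximate the report's Preview column: printable ASCII kept, rest as '.'."""
    return "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in data)


# Constructed sample: a 66-byte mozLz4 stream whose length and printable preview
# match the two "originally 56 bytes" rows above. Hand-assembled, not copied.
_LITERALS_A = b'{"v":1,"crashes":{},"countsByDay'   # 32 literal bytes
_LITERALS_B = b'rruptDate":null}'                   # 16 literal bytes
SAMPLE_MOZLZ4 = (
    MOZLZ4_MAGIC
    + struct.pack("<I", 56)                 # declared decompressed size
    + bytes([0xF4, 0x11]) + _LITERALS_A     # token: 15+17 literals, match len 4+4
    + bytes([0x11, 0x00])                   # match offset 17 -> copies b'":{},"co'
    + bytes([0xF0, 0x01]) + _LITERALS_B     # final sequence: 15+1 literals, no match
)


def decode_sample() -> dict:
    """Decompress the constructed sample and parse the JSON it holds."""
    return json.loads(mozlz4_decompress(SAMPLE_MOZLZ4))


if __name__ == "__main__":
    print(len(SAMPLE_MOZLZ4), classify_dropped_file(SAMPLE_MOZLZ4))
    print(sandbox_preview(SAMPLE_MOZLZ4))
    print(mozlz4_decompress(SAMPLE_MOZLZ4).decode())
```

Point `mozlz4_decompress` at the bytes of a real dropped file from the analysis to read the JSON Firefox wrote; a header whose declared size disagrees with the block contents is rejected instead of producing a silently short or oversized result.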
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):36830
Entropy (8bit):5.186376962556299
Encrypted:false
SSDEEP:768:NI40vfXXQ4z6X4n44a4T4h4b4rhEhvj4Lw4m4x44g:NJhWvx
MD5:C2A8F76D683C9F86054CA7775732A180
SHA1:FB1F8B84825D53E58290E53D65F8A73C5794E281
SHA-256:4744AACB03666A594CF1BB6E6491105F0AB600259D8E0BA483164F2AE9C90221
SHA-512:F804B8CF7277D2F6E8AA8BDFFF099ECCEC00CE59FEB3F3EB47D5E4B36FBB2C23466233C966F53483F0DF365E13AB9BB9256B685645FC366A5A24C72907E54025
Malicious:false
Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{9f54712e-79e2-445b-974a-266a0185f206}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"

Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):36830
Entropy (8bit):5.186376962556299
Encrypted:false
SSDEEP:768:NI40vfXXQ4z6X4n44a4T4h4b4rhEhvj4Lw4m4x44g:NJhWvx
MD5:C2A8F76D683C9F86054CA7775732A180
SHA1:FB1F8B84825D53E58290E53D65F8A73C5794E281
SHA-256:4744AACB03666A594CF1BB6E6491105F0AB600259D8E0BA483164F2AE9C90221
SHA-512:F804B8CF7277D2F6E8AA8BDFFF099ECCEC00CE59FEB3F3EB47D5E4B36FBB2C23466233C966F53483F0DF365E13AB9BB9256B685645FC366A5A24C72907E54025
Malicious:false
Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{9f54712e-79e2-445b-974a-266a0185f206}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"

Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:data
Category:dropped
Size (bytes):32768
Entropy (8bit):0.017262956703125623
Encrypted:false
SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                                                                                                                                                                                        MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                                                                                                                                                                        SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                                                                                                                                                                        SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                                                                                                                                                                        SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1021904
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.648417932394748
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
                                                                                                                                                                                                                                                                                                                                                        MD5:FE3355639648C417E8307C6D051E3E37
                                                                                                                                                                                                                                                                                                                                                        SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
                                                                                                                                                                                                                                                                                                                                                        SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
                                                                                                                                                                                                                                                                                                                                                        SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox View:
                                                                                                                                                                                                                                                                                                                                                        • Filename: 6eftz6UKDm.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                        • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                        • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                        • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                        • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                        • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                        • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                        • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                        • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                        • Filename: Pl8Tb06C8A.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):1021904
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.648417932394748
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
                                                                                                                                                                                                                                                                                                                                                        MD5:FE3355639648C417E8307C6D051E3E37
                                                                                                                                                                                                                                                                                                                                                        SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
                                                                                                                                                                                                                                                                                                                                                        SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
                                                                                                                                                                                                                                                                                                                                                        SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):116
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.968220104601006
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                                                                                                                                                                                                                                                                                                                                                        MD5:3D33CDC0B3D281E67DD52E14435DD04F
                                                                                                                                                                                                                                                                                                                                                        SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                                                                                                                                                                                                                                                                                                                                                        SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                                                                                                                                                                                                                                                                                                                                                        SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):116
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.968220104601006
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                                                                                                                                                                                                                                                                                                                                                        MD5:3D33CDC0B3D281E67DD52E14435DD04F
                                                                                                                                                                                                                                                                                                                                                        SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                                                                                                                                                                                                                                                                                                                                                        SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                                                                                                                                                                                                                                                                                                                                                        SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):98304
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.07327422437232566
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12:DBl/A0OWla0mwPxRymgObsCVR45wcYR4fmnsCVR4zki:DLhesh7Owd4+ji
                                                                                                                                                                                                                                                                                                                                                        MD5:832354E36213CE8BF2A656B45F8689CC
                                                                                                                                                                                                                                                                                                                                                        SHA1:769594C51FCECFFB359AA771F5440ABEDE7774C5
                                                                                                                                                                                                                                                                                                                                                        SHA-256:2DAED01A048AEDF3759662A90489DC22A8217B6F514727999E09821E0BCE54A8
                                                                                                                                                                                                                                                                                                                                                        SHA-512:DACDAFD34B0B71531220642AEB560BA1D138635C2005E3AF0D6A33433D528E85677B57A18EA9185E4210686A5672C6DE8C75671890A4FFA9CAE16B082BAB0409
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j......~s..F~s........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.034635539126218286
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:3:GtlstFfaOzklstFfaOz989//alEl:GtWtMdWtMo89XuM
                                                                                                                                                                                                                                                                                                                                                        MD5:67AA6F771244BAE23A2AA97B2F3BE0B8
                                                                                                                                                                                                                                                                                                                                                        SHA1:492DEBD05DDF1F128C5E61CF5D13DA1B8FD2B3E8
                                                                                                                                                                                                                                                                                                                                                        SHA-256:D703A5C00AA34DB8FFCFB7BCEFEE0477C3BB6A6E057076181BCE333E56E43458
                                                                                                                                                                                                                                                                                                                                                        SHA-512:6AD195BE0F30A4694C68F0688F3F054415CBC37C87403DE6BD7951E92CEBDD9D7A439A81C3873E276F0768C198E5145A501EF7FAB8A8DBEE650D7836BFC4343F
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:..-......................U.#.sl..1LN......t......-......................U.#.sl..1LN......t............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):32824
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.03987425719201705
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:3:Ol1JvhImzIUGrBKUXFll8rEXsxdwhml8XW3R2:KbeemFll8dMhm93w
                                                                                                                                                                                                                                                                                                                                                        MD5:A97501DAAA750AE6C01A580E59524E6E
                                                                                                                                                                                                                                                                                                                                                        SHA1:10D01EA245D37C19B53ADD2417EF6AE46EBB7CE8
                                                                                                                                                                                                                                                                                                                                                        SHA-256:73C8CDA63FF76653C14F22EFD25F6C02843F098D54E2B8F6E0AABA4AC52F035E
                                                                                                                                                                                                                                                                                                                                                        SHA-512:A0FFCF23866DCA4A423B4520825C56B541C275E9C9FF5D89BA361014897738969D5D46C7F150497DED7BDCE8D0A6A15DA33263984375C54E7C0642836C3BECC4
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:7....-............1LN...!...C_...........1LN...#.U..ls.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1769), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):13214
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.477029295449986
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:192:ltnSRkyYbBp6RqUCaXO6VdnNjZ5RHNBw8dbnSl:aeaqUN3NBPwM0
                                                                                                                                                                                                                                                                                                                                                        MD5:1E24DEE51829C237091AAAA3CF77D31E
                                                                                                                                                                                                                                                                                                                                                        SHA1:E374AED2055E0B303BAB8C99EC3947CCF87273D6
                                                                                                                                                                                                                                                                                                                                                        SHA-256:7F39B8816D4A29139A5C38A27BD9A94F1DE4BC1CE0B816CA750EA51BF4A1C06E
                                                                                                                                                                                                                                                                                                                                                        SHA-512:80A08DFE182C23714E32984898595A7DAAC9D97D76A505F1EA56477872891C99DD65D7E13B878358B807B57EFB0377ED1D0B91AEDD29D80A0CBAB602160BFC5D
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "27fb6245-bd08-4de6-8f4d-2ece3f597752");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1734256245);..user_pref("app.update.lastUpdateTime.background-update-timer", 1734256245);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1734256245);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 173425
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1769), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):13214
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.477029295449986
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:192:ltnSRkyYbBp6RqUCaXO6VdnNjZ5RHNBw8dbnSl:aeaqUN3NBPwM0
                                                                                                                                                                                                                                                                                                                                                        MD5:1E24DEE51829C237091AAAA3CF77D31E
                                                                                                                                                                                                                                                                                                                                                        SHA1:E374AED2055E0B303BAB8C99EC3947CCF87273D6
                                                                                                                                                                                                                                                                                                                                                        SHA-256:7F39B8816D4A29139A5C38A27BD9A94F1DE4BC1CE0B816CA750EA51BF4A1C06E
                                                                                                                                                                                                                                                                                                                                                        SHA-512:80A08DFE182C23714E32984898595A7DAAC9D97D76A505F1EA56477872891C99DD65D7E13B878358B807B57EFB0377ED1D0B91AEDD29D80A0CBAB602160BFC5D
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "27fb6245-bd08-4de6-8f4d-2ece3f597752");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1734256245);..user_pref("app.update.lastUpdateTime.background-update-timer", 1734256245);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1734256245);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 173425
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:SQLite 3.x database, user version 1, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 2, cookie 0x1, schema 4, UTF-8, version-valid-for 4
Category:dropped
Size (bytes):65536
Entropy (8bit):0.04062825861060003
Encrypted:false
SSDEEP:3:lSGBl/l/zl9l/AltllPltlnKollzvulJOlzALRWemFxu7TuRjBFbrl58lcV+wgn8:ltBl/lqN1K4BEJYqWvLue3FMOrMZ0l
MD5:60C09456D6362C6FBED48C69AA342C3C
SHA1:58B6E22DAA48C75958B429F662DEC1C011AE74D3
SHA-256:FE1A432A2CD096B7EEA870D46D07F5197E34B4D10666E6E1C357FAA3F2FE2389
SHA-512:936DBC887276EF07732783B50EAFE450A8598B0492B8F6C838B337EF3E8A6EA595E7C7A2FA4B3E881887FAAE2D207B953A4C65ED8C964D93118E00D3E03882BD
Malicious:false
Preview:SQLite format 3......@ ..........................................................................j.......x..x..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):90
Entropy (8bit):4.194538242412464
Encrypted:false
SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
Malicious:false
Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):90
Entropy (8bit):4.194538242412464
Encrypted:false
SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
Malicious:false
Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:Mozilla lz4 compressed data, originally 5861 bytes
Category:dropped
Size (bytes):1566
Entropy (8bit):6.331325263762277
Encrypted:false
SSDEEP:24:v+USUGlcAxSTjLXnIgl/pnxQwRlszT5sKhixU3eHVVPNZTMamhuj3pOOcUb2mifj:GUpOx6HnR68U3etZTM45edHd
MD5:4BE42C22669D4D29DF681622F3F498B3
SHA1:541E5A2C69399D5402B3F960D3E2833250F4C965
SHA-256:E8773418C43D5C4664D61125051A79513BCE7D024E826B2A3F9BD3910FEC0D89
SHA-512:DCFB4886BCBDB511126B1BD55A1377A48474D2BDC52E10C7DB83B8290A8084FFE6916FED46194969058F126C4D4C44E0F9FFDBAC77873206D98CD060F9303617
Malicious:false
Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://youtube.com/account?=.....rs.googl%...v3/signin/challenge/pwd","title[.C..cacheKey":0,"ID":6,"docshellUU...D"{9c0780ee-a4ae-4335-b89a-e924174d83de}","resultPrincipalURI":null,"hasUserInteracte...true,"triggering8.p_base64z..\"3\":{}^...docIdentifier":7,"persistK..+}],"lastAccessed":1734256250771,"hidden":false,"searchMode...userContextId...attribut...{},"index":1...questedI..p0,"imag....chrome://global/skin/icons/warning.svg"..aselect...,"_closedTZ.@],"_...C..`GroupCF..":-1,"busy...t...Flags":2167541758....dth":1164,"height":891,"screenX":4...Y..Aizem..."maximize......BeforeMin...&..workspace9...4b3ac14b-43e5-4896-86e8-9e7d502ce1b5","zD..1...Wm..l........j..:....1":{..mUpdate...startTim..P14914...centCrash..B0},".....Dcook.. hoc..."addons.mozilla.org","valu...Abbc25ad08ccc1b2d785bc1812d8faa4d50f401055c8d3ce6d11bb3b0958223be","path":"/","na..a"taarI|.Recure...,`.Donly..fexpiry...21317,"originA...."f
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:Mozilla lz4 compressed data, originally 5861 bytes
Category:dropped
Size (bytes):1566
Entropy (8bit):6.331325263762277
Encrypted:false
SSDEEP:24:v+USUGlcAxSTjLXnIgl/pnxQwRlszT5sKhixU3eHVVPNZTMamhuj3pOOcUb2mifj:GUpOx6HnR68U3etZTM45edHd
MD5:4BE42C22669D4D29DF681622F3F498B3
SHA1:541E5A2C69399D5402B3F960D3E2833250F4C965
SHA-256:E8773418C43D5C4664D61125051A79513BCE7D024E826B2A3F9BD3910FEC0D89
SHA-512:DCFB4886BCBDB511126B1BD55A1377A48474D2BDC52E10C7DB83B8290A8084FFE6916FED46194969058F126C4D4C44E0F9FFDBAC77873206D98CD060F9303617
Malicious:false
Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://youtube.com/account?=.....rs.googl%...v3/signin/challenge/pwd","title[.C..cacheKey":0,"ID":6,"docshellUU...D"{9c0780ee-a4ae-4335-b89a-e924174d83de}","resultPrincipalURI":null,"hasUserInteracte...true,"triggering8.p_base64z..\"3\":{}^...docIdentifier":7,"persistK..+}],"lastAccessed":1734256250771,"hidden":false,"searchMode...userContextId...attribut...{},"index":1...questedI..p0,"imag....chrome://global/skin/icons/warning.svg"..aselect...,"_closedTZ.@],"_...C..`GroupCF..":-1,"busy...t...Flags":2167541758....dth":1164,"height":891,"screenX":4...Y..Aizem..."maximize......BeforeMin...&..workspace9...4b3ac14b-43e5-4896-86e8-9e7d502ce1b5","zD..1...Wm..l........j..:....1":{..mUpdate...startTim..P14914...centCrash..B0},".....Dcook.. hoc..."addons.mozilla.org","valu...Abbc25ad08ccc1b2d785bc1812d8faa4d50f401055c8d3ce6d11bb3b0958223be","path":"/","na..a"taarI|.Recure...,`.Donly..fexpiry...21317,"originA...."f
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:Mozilla lz4 compressed data, originally 5861 bytes
Category:dropped
Size (bytes):1566
Entropy (8bit):6.331325263762277
Encrypted:false
SSDEEP:24:v+USUGlcAxSTjLXnIgl/pnxQwRlszT5sKhixU3eHVVPNZTMamhuj3pOOcUb2mifj:GUpOx6HnR68U3etZTM45edHd
MD5:4BE42C22669D4D29DF681622F3F498B3
SHA1:541E5A2C69399D5402B3F960D3E2833250F4C965
SHA-256:E8773418C43D5C4664D61125051A79513BCE7D024E826B2A3F9BD3910FEC0D89
SHA-512:DCFB4886BCBDB511126B1BD55A1377A48474D2BDC52E10C7DB83B8290A8084FFE6916FED46194969058F126C4D4C44E0F9FFDBAC77873206D98CD060F9303617
Malicious:false
Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://youtube.com/account?=.....rs.googl%...v3/signin/challenge/pwd","title[.C..cacheKey":0,"ID":6,"docshellUU...D"{9c0780ee-a4ae-4335-b89a-e924174d83de}","resultPrincipalURI":null,"hasUserInteracte...true,"triggering8.p_base64z..\"3\":{}^...docIdentifier":7,"persistK..+}],"lastAccessed":1734256250771,"hidden":false,"searchMode...userContextId...attribut...{},"index":1...questedI..p0,"imag....chrome://global/skin/icons/warning.svg"..aselect...,"_closedTZ.@],"_...C..`GroupCF..":-1,"busy...t...Flags":2167541758....dth":1164,"height":891,"screenX":4...Y..Aizem..."maximize......BeforeMin...&..workspace9...4b3ac14b-43e5-4896-86e8-9e7d502ce1b5","zD..1...Wm..l........j..:....1":{..mUpdate...startTim..P14914...centCrash..B0},".....Dcook.. hoc..."addons.mozilla.org","valu...Abbc25ad08ccc1b2d785bc1812d8faa4d50f401055c8d3ce6d11bb3b0958223be","path":"/","na..a"taarI|.Recure...,`.Donly..fexpiry...21317,"originA...."f
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, user version 131075, last written using SQLite version 3042000, page size 512, file counter 6, database pages 8, cookie 0x4, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):4096
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):2.0836444556178684
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24:JBwdh/cEUcR9PzNFPFHx/GJRBdkOrDcRB1trwDeAq2gRMyxr3:jnEUo9LXtR+JdkOnohYsl
                                                                                                                                                                                                                                                                                                                                                        MD5:8B40B1534FF0F4B533AF767EB5639A05
                                                                                                                                                                                                                                                                                                                                                        SHA1:63EDB539EA39AD09D701A36B535C4C087AE08CC9
                                                                                                                                                                                                                                                                                                                                                        SHA-256:AF275A19A5C2C682139266065D90C237282274D11C5619A121B7BDBDB252861B
                                                                                                                                                                                                                                                                                                                                                        SHA-512:54AF707698CED33C206B1B193DA414D630901762E88E37E99885A50D4D5F8DDC28367C9B401DFE251CF0552B4FA446EE28F78A97C9096AFB0F2898BFBB673B53
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                        Size (bytes):4537
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.036739129256011
                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:48:YrSAYweUQZpExB1+anO8e6WCVhhOjVkWAYzzc8rYMsku7f86SLAVL7J5FtsfAcb5:ycw+TEr5ZwoIhzzcHvbw6Kkdrc2Rn27
                                                                                                                                                                                                                                                                                                                                                        MD5:7D1502A87EC79E73140CC34391047980
                                                                                                                                                                                                                                                                                                                                                        SHA1:98D642876CF633031FEC0C087076089F7CBC2F95
                                                                                                                                                                                                                                                                                                                                                        SHA-256:797AD21A95140A08B65375B4853D150256A339A7725EDE0B93EA4139DAAAF223
                                                                                                                                                                                                                                                                                                                                                        SHA-512:779B8D213C27959EA3184BE91FFBB52DC1C19A360EACD5DC14B1CB7D987B207E7BC0AB65871E548251A97E3F7DAFD7345B839AEB7CBA9C37BCEA509E7C7FFF24
                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                        Preview:{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2024-12-15T09:50:33.118Z","profileAgeCreated":1696491685971,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"
                                                                                                                                                                                                                                                                                                                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.708471129092041
                                                                                                                                                                                                                                                                                                                                                        TrID:
                                                                                                                                                                                                                                                                                                                                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                                                                                                                        • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                                                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                                                                                                                        File name:nmy4mJXEaz.exe
                                                                                                                                                                                                                                                                                                                                                        File size:972'800 bytes
                                                                                                                                                                                                                                                                                                                                                        MD5:e9f4f5b56fea82ed8a63d8d31a25f17d
                                                                                                                                                                                                                                                                                                                                                        SHA1:f2bef840a55118cd7a4f8ccf6182efa58db58fe8
                                                                                                                                                                                                                                                                                                                                                        SHA256:b1b159e551802a83f91b224af4f670f3ee6e8ebe28f115d19620dfa51dc75e26
                                                                                                                                                                                                                                                                                                                                                        SHA512:fd7ec916910d7008b94e528b98dcffe4df7d7d4d8a1bbfdcb85f2332066360da7ea3d8009495f0c460af60c3f7ea1c787a0df7c05aa323a8c9356f22957caa1b
                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:GqDEvCTbMWu7rQYlBQcBiT6rprG8aAxSba:GTvC/MTQYxsWR7aAkb
                                                                                                                                                                                                                                                                                                                                                        TLSH:5F25AE0273C1C062FF9B92334B5AF6515BBC69260123E62F13A81DB9BD705B1563E7A3
                                                                                                                                                                                                                                                                                                                                                        File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....
                                                                                                                                                                                                                                                                                                                                                        Icon Hash:aaf3e3e3938382a0
                                                                                                                                                                                                                                                                                                                                                        Entrypoint:0x420577
                                                                                                                                                                                                                                                                                                                                                        Entrypoint Section:.text
                                                                                                                                                                                                                                                                                                                                                        Digitally signed:false
                                                                                                                                                                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                                                                                                                                                                        Subsystem:windows gui
                                                                                                                                                                                                                                                                                                                                                        Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics: DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp: 0x675DDA2C [Sat Dec 14 19:19:08 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 5
OS Version Minor: 1
File Version Major: 5
File Version Minor: 1
Subsystem Version Major: 5
Subsystem Version Minor: 1
Import Hash: 948cc502fe9226992dce9417f952fce3
Instruction
call 00007FA5F4EBE033h
jmp 00007FA5F4EBD93Fh
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+08h]
mov esi, ecx
call 00007FA5F4EBDB1Dh
mov dword ptr [esi], 0049FDF0h
mov eax, esi
pop esi
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 0049FDF8h
mov dword ptr [ecx], 0049FDF0h
ret
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+08h]
mov esi, ecx
call 00007FA5F4EBDAEAh
mov dword ptr [esi], 0049FE0Ch
mov eax, esi
pop esi
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 0049FE14h
mov dword ptr [ecx], 0049FE0Ch
ret
push ebp
mov ebp, esp
push esi
mov esi, ecx
lea eax, dword ptr [esi+04h]
mov dword ptr [esi], 0049FDD0h
and dword ptr [eax], 00000000h
and dword ptr [eax+04h], 00000000h
push eax
mov eax, dword ptr [ebp+08h]
add eax, 04h
push eax
call 00007FA5F4EC06DDh
pop ecx
pop ecx
mov eax, esi
pop esi
pop ebp
retn 0004h
lea eax, dword ptr [ecx+04h]
mov dword ptr [ecx], 0049FDD0h
push eax
call 00007FA5F4EC0728h
pop ecx
ret
push ebp
mov ebp, esp
push esi
mov esi, ecx
lea eax, dword ptr [esi+04h]
mov dword ptr [esi], 0049FDD0h
push eax
call 00007FA5F4EC0711h
test byte ptr [ebp+08h], 00000001h
pop ecx
Programming Language:
• [ C ] VS2008 SP1 build 30729
• [IMP] VS2008 SP1 build 30729
Name                                Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT        0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT        0xc8e64          0x17c         .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE      0xd4000          0x16d88       .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION     0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY      0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC     0xeb000          0x7594        .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG         0xb0ff0          0x1c          .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT     0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR     0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS           0xc3400          0x18          .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG   0xb1010          0x40          .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT  0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT           0x9c000          0x894         .rdata
                                                                                                                                                                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xd4000 | 0x16d88 | 0x16e00 | 894dd26a42089a2ca8e87bef456db87e | False | 0.7112043203551912 | data | 7.203528193939016 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xeb000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xd45f0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xd4718 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xd4840 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xd4968 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333
RT_ICON | 0xd4c50 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5
RT_ICON | 0xd4d78 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388
RT_ICON | 0xd5c20 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524
RT_ICON | 0xd64c8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918
RT_ICON | 0xd6a30 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727
RT_ICON | 0xd8fd8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496
RT_ICON | 0xda080 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227
RT_MENU | 0xda4e8 | 0x50 | data | English | Great Britain | 0.9
RT_DIALOG | 0xda538 | 0xfc | data | English | Great Britain | 0.6507936507936508
RT_STRING | 0xda634 | 0x594 | data | English | Great Britain | 0.3333333333333333
RT_STRING | 0xdabc8 | 0x68a | data | English | Great Britain | 0.2735961768219833
RT_STRING | 0xdb254 | 0x490 | data | English | Great Britain | 0.3715753424657534
RT_STRING | 0xdb6e4 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0xdbce0 | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0xdc33c | 0x466 | data | English | Great Britain | 0.3605683836589698
RT_STRING | 0xdc7a4 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186
RT_RCDATA | 0xdc8fc | 0xdf0c | data | | | 1.0004553415061297
RT_GROUP_ICON | 0xea808 | 0x76 | data | English | Great Britain | 0.6610169491525424
RT_GROUP_ICON | 0xea880 | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0xea894 | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0xea8a8 | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0xea8bc | 0xdc | data | English | Great Britain | 0.6181818181818182
RT_MANIFEST | 0xea998 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823
                                                                                                                                                                                                                                                                                                                                                        DLLImport
                                                                                                                                                                                                                                                                                                                                                        WSOCK32.dllgethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
                                                                                                                                                                                                                                                                                                                                                        VERSION.dllGetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
                                                                                                                                                                                                                                                                                                                                                        WINMM.dlltimeGetTime, waveOutSetVolume, mciSendStringW
                                                                                                                                                                                                                                                                                                                                                        COMCTL32.dllImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
                                                                                                                                                                                                                                                                                                                                                        MPR.dllWNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
                                                                                                                                                                                                                                                                                                                                                        WININET.dllHttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
                                                                                                                                                                                                                                                                                                                                                        PSAPI.DLLGetProcessMemoryInfo
                                                                                                                                                                                                                                                                                                                                                        IPHLPAPI.DLLIcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
                                                                                                                                                                                                                                                                                                                                                        USERENV.dllDestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
                                                                                                                                                                                                                                                                                                                                                        UxTheme.dllIsThemeActive
                                                                                                                                                                                                                                                                                                                                                        KERNEL32.dllDuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, 
SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
                                                                                                                                                                                                                                                                                                                                                        USER32.dllGetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, 
GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
GDI32.dll | EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
SHELL32.dll | DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll | CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture
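The import table above is what the report's static signatures such as "Contains functionality to launch a process as a different user" and "Contains functionality to launch a program with higher privileges" are derived from. The following Python is an added triage example, not code from Joe Sandbox or from the sample: it parses rows in the fused "<dll><imports>" form the extract uses and groups the imports into capability buckets. The bucket names and their API membership are my own assumption, not a Joe Sandbox or capa rule set, and the four sample rows are copied from the table above. One caveat a practitioner should carry into reading these results: the report header classifies the sample as a compiled AutoIt script, and the imports of such a binary belong to the AutoIt interpreter stub (which links LogonUserW, CreateProcessWithLogonW, InitiateSystemShutdownExW and so on for its built-in functions), so every AutoIt-compiled binary shows the same buckets. What the embedded script actually does has to come from the dynamic sections of the report, not from this table.

```python
import re
from collections import OrderedDict

# Constructed sample: four rows copied from the import table above, in the fused
# "<dll><comma-separated imports>" form the report extract uses.
FUSED_ROWS = [
    "COMDLG32.dllGetSaveFileNameW, GetOpenFileNameW",
    "ADVAPI32.dllGetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW",
    "SHELL32.dllDragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW",
    "ole32.dllCoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket",
]

# Hypothetical capability buckets (my own triage grouping, not a vendor rule set).
# API names are listed without the A/W suffix so both ANSI and wide variants match.
CAPABILITIES = {
    "run a process as another user": {"LogonUser", "CreateProcessAsUser", "CreateProcessWithLogon", "DuplicateTokenEx"},
    "token privilege adjustment": {"OpenProcessToken", "OpenThreadToken", "LookupPrivilegeValue", "AdjustTokenPrivileges"},
    "registry write/delete": {"RegCreateKeyEx", "RegSetValueEx", "RegDeleteKey", "RegDeleteValue"},
    "remote registry": {"RegConnectRegistry"},
    "system shutdown/reboot": {"InitiateSystemShutdownEx"},
    "shell-mediated execution": {"ShellExecute", "ShellExecuteEx"},
    "(D)COM activation with explicit security": {"CoCreateInstanceEx", "CoSetProxyBlanket", "CoInitializeSecurity"},
}

# A fused row is "<something>.dll" immediately followed by the comma-separated imports.
FUSED = re.compile(r"^(?P<dll>\S+?\.dll)(?P<funcs>.*)$", re.IGNORECASE)


def parse_fused_rows(rows):
    """Split fused report rows into an ordered {dll: [import, ...]} mapping."""
    imports = OrderedDict()
    for row in rows:
        m = FUSED.match(row.strip())
        if not m:
            raise ValueError(f"not a fused import row: {row!r}")
        imports[m["dll"]] = [f.strip() for f in m["funcs"].split(",") if f.strip()]
    return imports


def canonical(name):
    """Drop a trailing ANSI/wide suffix (CreateProcessAsUserW -> CreateProcessAsUser)."""
    return name[:-1] if len(name) > 1 and name[-1] in "AW" else name


def tag_capabilities(imports):
    """Return {bucket: sorted list of imported APIs that fall into it}, omitting empty buckets."""
    hits = {}
    for funcs in imports.values():
        for func in funcs:
            base = canonical(func)
            for cap, names in CAPABILITIES.items():
                if base in names:
                    hits.setdefault(cap, []).append(func)
    return {cap: sorted(found) for cap, found in hits.items()}


if __name__ == "__main__":
    for cap, found in tag_capabilities(parse_fused_rows(FUSED_ROWS)).items():
        print(f"{cap}: {', '.join(found)}")
```

Run as a script it prints one line per populated bucket; the "run a process as another user" bucket fills from the ADVAPI32 row exactly as the report's signature does. Treat the output as a list of what the runtime can do, and confirm against the process, registry and network sections which of it the script exercised.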
Language of compilation system | Country where language is spoken | Map
English | Great Britain | (map image not present in this extract)
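The packet table that follows lists individual TCP segments, one row per packet in either direction. To judge how much the sample actually talked to each destination, a practitioner pivots that list into connections (client port, server address, server port) and counts packets per direction. The Python below is an added example, not part of the Joe Sandbox report: it embeds the first 26 rows of that table (re-typed here with explicit " | " separators, which the raw extract lacks), orients each packet by assuming the endpoint with the lower port number is the server (true here, where the service ports are 80 and 443 and the client ports are ephemeral), and summarises connections per server address.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample: the first 26 rows of the report's packet table, re-typed as
# "timestamp | source port | dest port | source IP | dest IP".
SAMPLE = """\
Dec 15, 2024 09:24:26.146903992 CET | 49714 | 443 | 192.168.2.7 | 35.190.72.216
Dec 15, 2024 09:24:26.146950960 CET | 443 | 49714 | 35.190.72.216 | 192.168.2.7
Dec 15, 2024 09:24:26.147129059 CET | 49715 | 443 | 192.168.2.7 | 142.250.181.78
Dec 15, 2024 09:24:26.147167921 CET | 443 | 49715 | 142.250.181.78 | 192.168.2.7
Dec 15, 2024 09:24:26.147681952 CET | 49716 | 80 | 192.168.2.7 | 34.107.221.82
Dec 15, 2024 09:24:26.148616076 CET | 49714 | 443 | 192.168.2.7 | 35.190.72.216
Dec 15, 2024 09:24:26.148839951 CET | 49715 | 443 | 192.168.2.7 | 142.250.181.78
Dec 15, 2024 09:24:26.154113054 CET | 49714 | 443 | 192.168.2.7 | 35.190.72.216
Dec 15, 2024 09:24:26.154135942 CET | 443 | 49714 | 35.190.72.216 | 192.168.2.7
Dec 15, 2024 09:24:26.155466080 CET | 49715 | 443 | 192.168.2.7 | 142.250.181.78
Dec 15, 2024 09:24:26.155482054 CET | 443 | 49715 | 142.250.181.78 | 192.168.2.7
Dec 15, 2024 09:24:26.268729925 CET | 80 | 49716 | 34.107.221.82 | 192.168.2.7
Dec 15, 2024 09:24:26.279999971 CET | 49716 | 80 | 192.168.2.7 | 34.107.221.82
Dec 15, 2024 09:24:26.280606031 CET | 49716 | 80 | 192.168.2.7 | 34.107.221.82
Dec 15, 2024 09:24:26.302434921 CET | 49717 | 443 | 192.168.2.7 | 142.250.181.78
Dec 15, 2024 09:24:26.302476883 CET | 443 | 49717 | 142.250.181.78 | 192.168.2.7
Dec 15, 2024 09:24:26.312160969 CET | 49717 | 443 | 192.168.2.7 | 142.250.181.78
Dec 15, 2024 09:24:26.314562082 CET | 49717 | 443 | 192.168.2.7 | 142.250.181.78
Dec 15, 2024 09:24:26.314573050 CET | 443 | 49717 | 142.250.181.78 | 192.168.2.7
Dec 15, 2024 09:24:26.400253057 CET | 80 | 49716 | 34.107.221.82 | 192.168.2.7
Dec 15, 2024 09:24:26.680809975 CET | 49718 | 443 | 192.168.2.7 | 34.117.188.166
Dec 15, 2024 09:24:26.680869102 CET | 443 | 49718 | 34.117.188.166 | 192.168.2.7
Dec 15, 2024 09:24:26.681627989 CET | 49718 | 443 | 192.168.2.7 | 34.117.188.166
Dec 15, 2024 09:24:26.683290958 CET | 49718 | 443 | 192.168.2.7 | 34.117.188.166
Dec 15, 2024 09:24:26.683309078 CET | 443 | 49718 | 34.117.188.166 | 192.168.2.7
Dec 15, 2024 09:24:27.365000010 CET | 80 | 49716 | 34.107.221.82 | 192.168.2.7
"""

ROW = re.compile(r"^(?P<ts>.+? CET) \| (?P<sport>\d+) \| (?P<dport>\d+) \| (?P<sip>[\d.]+) \| (?P<dip>[\d.]+)$")


@dataclass
class Flow:
    first_seen: str
    last_seen: str
    packets_out: int = 0   # client -> server
    packets_in: int = 0    # server -> client


def parse_packets(text):
    """Yield (timestamp, src port, dst port, src IP, dst IP) per row; skip a header line if present."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("Timestamp"):
            continue
        m = ROW.match(line)
        if not m:
            raise ValueError(f"unparseable row: {line!r}")
        yield m["ts"], int(m["sport"]), int(m["dport"]), m["sip"], m["dip"]


def orient(sport, dport, sip, dip):
    """Assumption: the endpoint with the lower port is the server. Returns
    (client IP, client port, server IP, server port, outbound?)."""
    if dport < sport:
        return sip, sport, dip, dport, True
    return dip, dport, sip, sport, False


def packets_to_flows(text):
    """Group packets into connections keyed by (client IP, client port, server IP, server port)."""
    flows = {}
    for ts, sport, dport, sip, dip in parse_packets(text):
        cip, cport, srv_ip, srv_port, outbound = orient(sport, dport, sip, dip)
        key = (cip, cport, srv_ip, srv_port)
        f = flows.get(key)
        if f is None:
            f = flows[key] = Flow(first_seen=ts, last_seen=ts)
        f.last_seen = max(f.last_seen, ts)   # fixed-width same-day stamps compare correctly as strings
        if outbound:
            f.packets_out += 1
        else:
            f.packets_in += 1
    return flows


def connections_per_server(flows):
    """Per server IP: distinct connections seen and the server ports they used."""
    per = defaultdict(lambda: {"ports": set(), "connections": 0})
    for (_cip, _cport, srv_ip, srv_port) in flows:
        per[srv_ip]["ports"].add(srv_port)
        per[srv_ip]["connections"] += 1
    return {ip: {"ports": sorted(v["ports"]), "connections": v["connections"]} for ip, v in per.items()}


if __name__ == "__main__":
    flows = packets_to_flows(SAMPLE)
    for key, f in flows.items():
        print(key, f)
    print(connections_per_server(flows))
```

The pivot shows the 26 packets are five connections to four servers, with 142.250.181.78 receiving two of them. Connection counts, not packet counts, are the unit to compare against the report's "Connects to many different domains" signature, and that signature is based on names resolved in the DNS section, which an IP-level pivot cannot recover on its own.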
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 15, 2024 09:24:26.146903992 CET | 49714 | 443 | 192.168.2.7 | 35.190.72.216
Dec 15, 2024 09:24:26.146950960 CET | 443 | 49714 | 35.190.72.216 | 192.168.2.7
Dec 15, 2024 09:24:26.147129059 CET | 49715 | 443 | 192.168.2.7 | 142.250.181.78
Dec 15, 2024 09:24:26.147167921 CET | 443 | 49715 | 142.250.181.78 | 192.168.2.7
Dec 15, 2024 09:24:26.147681952 CET | 49716 | 80 | 192.168.2.7 | 34.107.221.82
Dec 15, 2024 09:24:26.148616076 CET | 49714 | 443 | 192.168.2.7 | 35.190.72.216
Dec 15, 2024 09:24:26.148839951 CET | 49715 | 443 | 192.168.2.7 | 142.250.181.78
Dec 15, 2024 09:24:26.154113054 CET | 49714 | 443 | 192.168.2.7 | 35.190.72.216
Dec 15, 2024 09:24:26.154135942 CET | 443 | 49714 | 35.190.72.216 | 192.168.2.7
Dec 15, 2024 09:24:26.155466080 CET | 49715 | 443 | 192.168.2.7 | 142.250.181.78
Dec 15, 2024 09:24:26.155482054 CET | 443 | 49715 | 142.250.181.78 | 192.168.2.7
Dec 15, 2024 09:24:26.268729925 CET | 80 | 49716 | 34.107.221.82 | 192.168.2.7
Dec 15, 2024 09:24:26.279999971 CET | 49716 | 80 | 192.168.2.7 | 34.107.221.82
Dec 15, 2024 09:24:26.280606031 CET | 49716 | 80 | 192.168.2.7 | 34.107.221.82
Dec 15, 2024 09:24:26.302434921 CET | 49717 | 443 | 192.168.2.7 | 142.250.181.78
Dec 15, 2024 09:24:26.302476883 CET | 443 | 49717 | 142.250.181.78 | 192.168.2.7
Dec 15, 2024 09:24:26.312160969 CET | 49717 | 443 | 192.168.2.7 | 142.250.181.78
Dec 15, 2024 09:24:26.314562082 CET | 49717 | 443 | 192.168.2.7 | 142.250.181.78
Dec 15, 2024 09:24:26.314573050 CET | 443 | 49717 | 142.250.181.78 | 192.168.2.7
Dec 15, 2024 09:24:26.400253057 CET | 80 | 49716 | 34.107.221.82 | 192.168.2.7
Dec 15, 2024 09:24:26.680809975 CET | 49718 | 443 | 192.168.2.7 | 34.117.188.166
Dec 15, 2024 09:24:26.680869102 CET | 443 | 49718 | 34.117.188.166 | 192.168.2.7
Dec 15, 2024 09:24:26.681627989 CET | 49718 | 443 | 192.168.2.7 | 34.117.188.166
Dec 15, 2024 09:24:26.683290958 CET | 49718 | 443 | 192.168.2.7 | 34.117.188.166
Dec 15, 2024 09:24:26.683309078 CET | 443 | 49718 | 34.117.188.166 | 192.168.2.7
Dec 15, 2024 09:24:27.365000010 CET | 80 | 49716 | 34.107.221.82 | 192.168.2.7
Dec 15, 2024 09:24:27.373049021 CET | 443 | 49714 | 35.190.72.216 | 192.168.2.7
Dec 15, 2024 09:24:27.373140097 CET | 49714 | 443 | 192.168.2.7 | 35.190.72.216
Dec 15, 2024 09:24:27.458990097 CET | 49716 | 80 | 192.168.2.7 | 34.107.221.82
Dec 15, 2024 09:24:27.465176105 CET | 49720 | 443 | 192.168.2.7 | 34.117.188.166
Dec 15, 2024 09:24:27.465219975 CET | 443 | 49720 | 34.117.188.166 | 192.168.2.7
Dec 15, 2024 09:24:27.465337038 CET | 49721 | 443 | 192.168.2.7 | 35.244.181.201
Dec 15, 2024 09:24:27.465344906 CET | 443 | 49721 | 35.244.181.201 | 192.168.2.7
Dec 15, 2024 09:24:27.469837904 CET | 49720 | 443 | 192.168.2.7 | 34.117.188.166
Dec 15, 2024 09:24:27.469928026 CET | 49721 | 443 | 192.168.2.7 | 35.244.181.201
Dec 15, 2024 09:24:27.469944000 CET | 49714 | 443 | 192.168.2.7 | 35.190.72.216
Dec 15, 2024 09:24:27.469965935 CET | 443 | 49714 | 35.190.72.216 | 192.168.2.7
Dec 15, 2024 09:24:27.470257044 CET | 49721 | 443 | 192.168.2.7 | 35.244.181.201
Dec 15, 2024 09:24:27.470267057 CET | 443 | 49721 | 35.244.181.201 | 192.168.2.7
Dec 15, 2024 09:24:27.470272064 CET | 49714 | 443 | 192.168.2.7 | 35.190.72.216
Dec 15, 2024 09:24:27.470514059 CET | 443 | 49714 | 35.190.72.216 | 192.168.2.7
Dec 15, 2024 09:24:27.471637011 CET | 49720 | 443 | 192.168.2.7 | 34.117.188.166
Dec 15, 2024 09:24:27.471649885 CET | 443 | 49720 | 34.117.188.166 | 192.168.2.7
Dec 15, 2024 09:24:27.471997023 CET | 49714 | 443 | 192.168.2.7 | 35.190.72.216
Dec 15, 2024 09:24:27.579547882 CET | 80 | 49716 | 34.107.221.82 | 192.168.2.7
Dec 15, 2024 09:24:27.579857111 CET | 49716 | 80 | 192.168.2.7 | 34.107.221.82
Dec 15, 2024 09:24:27.780436039 CET | 49727 | 80 | 192.168.2.7 | 34.107.221.82
Dec 15, 2024 09:24:27.780540943 CET | 49728 | 80 | 192.168.2.7 | 34.107.221.82
Dec 15, 2024 09:24:27.858896971 CET | 443 | 49715 | 142.250.181.78 | 192.168.2.7
Dec 15, 2024 09:24:27.859944105 CET | 443 | 49715 | 142.250.181.78 | 192.168.2.7
Dec 15, 2024 09:24:27.861121893 CET | 49715 | 443 | 192.168.2.7 | 142.250.181.78
Dec 15, 2024 09:24:27.861151934 CET | 443 | 49715 | 142.250.181.78 | 192.168.2.7
Dec 15, 2024 09:24:27.870460033 CET | 49715 | 443 | 192.168.2.7 | 142.250.181.78
Dec 15, 2024 09:24:27.870492935 CET | 443 | 49715 | 142.250.181.78 | 192.168.2.7
Dec 15, 2024 09:24:27.870609045 CET | 49715 | 443 | 192.168.2.7 | 142.250.181.78
Dec 15, 2024 09:24:27.870769024 CET | 443 | 49715 | 142.250.181.78 | 192.168.2.7
Dec 15, 2024 09:24:27.871006966 CET | 49715 | 443 | 192.168.2.7 | 142.250.181.78
Dec 15, 2024 09:24:27.900244951 CET | 80 | 49727 | 34.107.221.82 | 192.168.2.7
Dec 15, 2024 09:24:27.900259972 CET | 80 | 49728 | 34.107.221.82 | 192.168.2.7
Dec 15, 2024 09:24:27.900850058 CET | 49727 | 80 | 192.168.2.7 | 34.107.221.82
Dec 15, 2024 09:24:27.901099920 CET | 49728 | 80 | 192.168.2.7 | 34.107.221.82
Dec 15, 2024 09:24:27.901099920 CET | 49727 | 80 | 192.168.2.7 | 34.107.221.82
Dec 15, 2024 09:24:27.901236057 CET | 49728 | 80 | 192.168.2.7 | 34.107.221.82
Dec 15, 2024 09:24:27.911735058 CET | 49729 | 443 | 192.168.2.7 | 34.160.144.191
Dec 15, 2024 09:24:27.911797047 CET | 443 | 49729 | 34.160.144.191 | 192.168.2.7
Dec 15, 2024 09:24:27.912518978 CET | 49729 | 443 | 192.168.2.7 | 34.160.144.191
Dec 15, 2024 09:24:27.912676096 CET | 49729 | 443 | 192.168.2.7 | 34.160.144.191
Dec 15, 2024 09:24:27.912691116 CET | 443 | 49729 | 34.160.144.191 | 192.168.2.7
Dec 15, 2024 09:24:27.913192034 CET | 443 | 49718 | 34.117.188.166 | 192.168.2.7
Dec 15, 2024 09:24:27.913281918 CET | 49718 | 443 | 192.168.2.7 | 34.117.188.166
Dec 15, 2024 09:24:27.918118954 CET | 49718 | 443 | 192.168.2.7 | 34.117.188.166
Dec 15, 2024 09:24:27.918128014 CET | 443 | 49718 | 34.117.188.166 | 192.168.2.7
Dec 15, 2024 09:24:27.918203115 CET | 49718 | 443 | 192.168.2.7 | 34.117.188.166
Dec 15, 2024 09:24:27.918374062 CET | 443 | 49718 | 34.117.188.166 | 192.168.2.7
Dec 15, 2024 09:24:27.931067944 CET | 49718 | 443 | 192.168.2.7 | 34.117.188.166
Dec 15, 2024 09:24:28.005621910 CET | 443 | 49717 | 142.250.181.78 | 192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:28.005640030 CET44349717142.250.181.78192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:28.005733967 CET49717443192.168.2.7142.250.181.78
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:28.006308079 CET44349717142.250.181.78192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:28.006746054 CET49717443192.168.2.7142.250.181.78
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:28.010126114 CET49717443192.168.2.7142.250.181.78
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:28.010137081 CET44349717142.250.181.78192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:28.010258913 CET49717443192.168.2.7142.250.181.78
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:28.010351896 CET44349717142.250.181.78192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:28.010735035 CET49730443192.168.2.7142.250.181.78
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:28.010802984 CET44349730142.250.181.78192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:28.010818005 CET49717443192.168.2.7142.250.181.78
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:28.010911942 CET49730443192.168.2.7142.250.181.78
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:28.012315989 CET49730443192.168.2.7142.250.181.78
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:28.012342930 CET44349730142.250.181.78192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:28.022985935 CET804972734.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:28.023998022 CET804972834.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:28.686053038 CET4434972135.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:28.691468954 CET49721443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:28.693449974 CET4434972034.117.188.166192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:28.694714069 CET49720443192.168.2.734.117.188.166
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:28.694823027 CET49721443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:28.694828033 CET4434972135.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:28.695086002 CET4434972135.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:28.698683023 CET49721443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:28.698824883 CET4434972135.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:28.698856115 CET49721443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:28.698862076 CET4434972135.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:28.700103998 CET49720443192.168.2.734.117.188.166
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:28.700109959 CET4434972034.117.188.166192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:28.700175047 CET49720443192.168.2.734.117.188.166
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:28.700334072 CET49721443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:28.700381994 CET4434972034.117.188.166192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:28.700679064 CET49720443192.168.2.734.117.188.166
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:28.890276909 CET49732443192.168.2.734.117.188.166
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:28.890326023 CET4434973234.117.188.166192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:28.895251989 CET49732443192.168.2.734.117.188.166
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:28.896701097 CET49732443192.168.2.734.117.188.166
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:28.896734953 CET4434973234.117.188.166192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:28.994168043 CET804972734.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:28.994187117 CET804972834.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:28.994448900 CET4972780192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:28.994558096 CET4972880192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:29.114870071 CET804972734.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:29.114938021 CET4972780192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:29.115421057 CET804972834.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:29.115468979 CET4972880192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:29.136800051 CET4434972934.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:29.136878967 CET49729443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:29.140129089 CET49729443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:29.140161991 CET4434972934.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:29.140499115 CET4434972934.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:29.142358065 CET49729443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:29.142435074 CET49729443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:29.142793894 CET4434972934.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:29.143023014 CET49729443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:29.429785967 CET4973480192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:29.433012009 CET4973580192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:29.549603939 CET804973434.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:29.552711964 CET804973534.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:29.556287050 CET4973480192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:29.556324005 CET4973580192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:29.556502104 CET4973480192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:29.559365034 CET4973580192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:29.676208973 CET804973434.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:29.679476976 CET804973534.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:29.702497959 CET44349730142.250.181.78192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:29.703216076 CET44349730142.250.181.78192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:29.703587055 CET49730443192.168.2.7142.250.181.78
Dec 15, 2024 09:24:29.703625917 CET  443    49730  142.250.181.78   192.168.2.7
Dec 15, 2024 09:24:29.711790085 CET  49730  443    192.168.2.7      142.250.181.78
Dec 15, 2024 09:24:29.711831093 CET  443    49730  142.250.181.78   192.168.2.7
Dec 15, 2024 09:24:29.711890936 CET  49730  443    192.168.2.7      142.250.181.78
Dec 15, 2024 09:24:29.712413073 CET  443    49730  142.250.181.78   192.168.2.7
Dec 15, 2024 09:24:29.713206053 CET  49736  443    192.168.2.7      34.107.243.93
Dec 15, 2024 09:24:29.713265896 CET  443    49736  34.107.243.93    192.168.2.7
Dec 15, 2024 09:24:29.718260050 CET  49730  443    192.168.2.7      142.250.181.78
Dec 15, 2024 09:24:29.718430042 CET  49736  443    192.168.2.7      34.107.243.93
Dec 15, 2024 09:24:29.721230030 CET  49736  443    192.168.2.7      34.107.243.93
Dec 15, 2024 09:24:29.721249104 CET  443    49736  34.107.243.93    192.168.2.7
Dec 15, 2024 09:24:30.118463993 CET  443    49732  34.117.188.166   192.168.2.7
Dec 15, 2024 09:24:30.118813038 CET  49732  443    192.168.2.7      34.117.188.166
Dec 15, 2024 09:24:30.123148918 CET  49732  443    192.168.2.7      34.117.188.166
Dec 15, 2024 09:24:30.123148918 CET  49732  443    192.168.2.7      34.117.188.166
Dec 15, 2024 09:24:30.123166084 CET  443    49732  34.117.188.166   192.168.2.7
Dec 15, 2024 09:24:30.123389959 CET  443    49732  34.117.188.166   192.168.2.7
Dec 15, 2024 09:24:30.123442888 CET  49742  443    192.168.2.7      34.117.188.166
Dec 15, 2024 09:24:30.123491049 CET  443    49742  34.117.188.166   192.168.2.7
Dec 15, 2024 09:24:30.123589993 CET  49732  443    192.168.2.7      34.117.188.166
Dec 15, 2024 09:24:30.123603106 CET  49742  443    192.168.2.7      34.117.188.166
Dec 15, 2024 09:24:30.124978065 CET  49742  443    192.168.2.7      34.117.188.166
Dec 15, 2024 09:24:30.124998093 CET  443    49742  34.117.188.166   192.168.2.7
Dec 15, 2024 09:24:30.150652885 CET  49743  443    192.168.2.7      34.120.208.123
Dec 15, 2024 09:24:30.150707006 CET  443    49743  34.120.208.123   192.168.2.7
Dec 15, 2024 09:24:30.151052952 CET  49743  443    192.168.2.7      34.120.208.123
Dec 15, 2024 09:24:30.152484894 CET  49743  443    192.168.2.7      34.120.208.123
Dec 15, 2024 09:24:30.152498007 CET  443    49743  34.120.208.123   192.168.2.7
Dec 15, 2024 09:24:30.152822971 CET  49744  443    192.168.2.7      35.244.181.201
Dec 15, 2024 09:24:30.152858019 CET  443    49744  35.244.181.201   192.168.2.7
Dec 15, 2024 09:24:30.152991056 CET  49744  443    192.168.2.7      35.244.181.201
Dec 15, 2024 09:24:30.153084993 CET  49744  443    192.168.2.7      35.244.181.201
Dec 15, 2024 09:24:30.153095961 CET  443    49744  35.244.181.201   192.168.2.7
Dec 15, 2024 09:24:30.153568029 CET  49745  443    192.168.2.7      34.149.100.209
Dec 15, 2024 09:24:30.153578997 CET  443    49745  34.149.100.209   192.168.2.7
Dec 15, 2024 09:24:30.153631926 CET  49745  443    192.168.2.7      34.149.100.209
Dec 15, 2024 09:24:30.155029058 CET  49745  443    192.168.2.7      34.149.100.209
Dec 15, 2024 09:24:30.155040026 CET  443    49745  34.149.100.209   192.168.2.7
Dec 15, 2024 09:24:30.674601078 CET  80     49734  34.107.221.82    192.168.2.7
Dec 15, 2024 09:24:30.674886942 CET  80     49735  34.107.221.82    192.168.2.7
Dec 15, 2024 09:24:30.730916977 CET  49735  80     192.168.2.7      34.107.221.82
Dec 15, 2024 09:24:30.730935097 CET  49734  80     192.168.2.7      34.107.221.82
Dec 15, 2024 09:24:30.940522909 CET  443    49736  34.107.243.93    192.168.2.7
Dec 15, 2024 09:24:30.940650940 CET  49736  443    192.168.2.7      34.107.243.93
Dec 15, 2024 09:24:31.039326906 CET  49736  443    192.168.2.7      34.107.243.93
Dec 15, 2024 09:24:31.039351940 CET  443    49736  34.107.243.93    192.168.2.7
Dec 15, 2024 09:24:31.039397001 CET  49736  443    192.168.2.7      34.107.243.93
Dec 15, 2024 09:24:31.039625883 CET  443    49736  34.107.243.93    192.168.2.7
Dec 15, 2024 09:24:31.039681911 CET  49736  443    192.168.2.7      34.107.243.93
Dec 15, 2024 09:24:31.348061085 CET  443    49742  34.117.188.166   192.168.2.7
Dec 15, 2024 09:24:31.348251104 CET  49742  443    192.168.2.7      34.117.188.166
Dec 15, 2024 09:24:31.354172945 CET  49742  443    192.168.2.7      34.117.188.166
Dec 15, 2024 09:24:31.354193926 CET  443    49742  34.117.188.166   192.168.2.7
Dec 15, 2024 09:24:31.354298115 CET  49742  443    192.168.2.7      34.117.188.166
Dec 15, 2024 09:24:31.354537964 CET  443    49742  34.117.188.166   192.168.2.7
Dec 15, 2024 09:24:31.354598045 CET  49742  443    192.168.2.7      34.117.188.166
Dec 15, 2024 09:24:31.374727964 CET  443    49744  35.244.181.201   192.168.2.7
Dec 15, 2024 09:24:31.374814034 CET  49744  443    192.168.2.7      35.244.181.201
Dec 15, 2024 09:24:31.377645016 CET  49744  443    192.168.2.7      35.244.181.201
Dec 15, 2024 09:24:31.377671957 CET  443    49744  35.244.181.201   192.168.2.7
Dec 15, 2024 09:24:31.377995968 CET  443    49744  35.244.181.201   192.168.2.7
Dec 15, 2024 09:24:31.379400969 CET  443    49745  34.149.100.209   192.168.2.7
Dec 15, 2024 09:24:31.379520893 CET  49745  443    192.168.2.7      34.149.100.209
Dec 15, 2024 09:24:31.382632971 CET  443    49743  34.120.208.123   192.168.2.7
Dec 15, 2024 09:24:31.382745028 CET  49743  443    192.168.2.7      34.120.208.123
Dec 15, 2024 09:24:31.403281927 CET  49744  443    192.168.2.7      35.244.181.201
Dec 15, 2024 09:24:31.403496981 CET  49744  443    192.168.2.7      35.244.181.201
Dec 15, 2024 09:24:31.403830051 CET  443    49744  35.244.181.201   192.168.2.7
Dec 15, 2024 09:24:31.404144049 CET  49744  443    192.168.2.7      35.244.181.201
Dec 15, 2024 09:24:31.404632092 CET  49745  443    192.168.2.7      34.149.100.209
Dec 15, 2024 09:24:31.404666901 CET  443    49745  34.149.100.209   192.168.2.7
Dec 15, 2024 09:24:31.404700994 CET  49745  443    192.168.2.7      34.149.100.209
Dec 15, 2024 09:24:31.404961109 CET  443    49745  34.149.100.209   192.168.2.7
Dec 15, 2024 09:24:31.405025005 CET  49745  443    192.168.2.7      34.149.100.209
Dec 15, 2024 09:24:31.406147957 CET  49743  443    192.168.2.7      34.120.208.123
Dec 15, 2024 09:24:31.406169891 CET  443    49743  34.120.208.123   192.168.2.7
Dec 15, 2024 09:24:31.406243086 CET  49743  443    192.168.2.7      34.120.208.123
Dec 15, 2024 09:24:31.406728029 CET  443    49743  34.120.208.123   192.168.2.7
Dec 15, 2024 09:24:31.406794071 CET  49743  443    192.168.2.7      34.120.208.123
Dec 15, 2024 09:24:34.691267967 CET  49734  80     192.168.2.7      34.107.221.82
Dec 15, 2024 09:24:34.692590952 CET  49735  80     192.168.2.7      34.107.221.82
Dec 15, 2024 09:24:34.810965061 CET  80     49734  34.107.221.82    192.168.2.7
Dec 15, 2024 09:24:34.812330961 CET  80     49735  34.107.221.82    192.168.2.7
Dec 15, 2024 09:24:34.852138996 CET  49759  443    192.168.2.7      34.120.208.123
Dec 15, 2024 09:24:34.852186918 CET  443    49759  34.120.208.123   192.168.2.7
Dec 15, 2024 09:24:34.852264881 CET  49759  443    192.168.2.7      34.120.208.123
Dec 15, 2024 09:24:34.853702068 CET  49759  443    192.168.2.7      34.120.208.123
Dec 15, 2024 09:24:34.853725910 CET  443    49759  34.120.208.123   192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:35.005784988 CET804973434.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:35.007380962 CET804973534.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:35.056160927 CET4973480192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:35.056207895 CET4973580192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:36.066154957 CET4434975934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:36.066322088 CET49759443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:36.070945024 CET49759443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:36.070974112 CET4434975934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:36.071055889 CET49759443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:36.071233988 CET4434975934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:36.071320057 CET49759443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:40.405776024 CET4973480192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:40.412460089 CET4973580192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:40.417154074 CET49774443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:40.417201996 CET4434977434.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:40.418144941 CET49774443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:40.419517040 CET49774443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:40.419538975 CET4434977434.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:40.424968004 CET49775443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:40.424985886 CET4434977534.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:40.428448915 CET49775443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:40.430033922 CET49775443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:40.430047989 CET4434977534.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:40.445756912 CET49776443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:40.445784092 CET4434977634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:40.448127985 CET49776443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:40.448302984 CET49776443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:40.448313951 CET4434977634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:40.525883913 CET804973434.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:40.532217026 CET804973534.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:40.720472097 CET804973434.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:40.727330923 CET804973534.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:40.763330936 CET4973480192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:40.778956890 CET4973580192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:41.636296034 CET4434977434.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:41.636384964 CET49774443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:41.640908957 CET4434977534.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:41.640995979 CET49775443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:41.659590960 CET4434977634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:41.659681082 CET49776443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:42.270265102 CET49776443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:42.270304918 CET4434977634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:42.271266937 CET4434977634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:42.275770903 CET49774443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:42.275803089 CET4434977434.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:42.276010036 CET49774443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:42.276094913 CET4434977434.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:42.276166916 CET49775443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:42.276184082 CET4434977534.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:42.276279926 CET49775443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:42.276396036 CET4434977534.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:42.276405096 CET49776443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:42.276470900 CET49774443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:42.276492119 CET49776443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:42.276601076 CET49775443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:43.043320894 CET4973480192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:43.054037094 CET4973580192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:43.083174944 CET49787443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:43.083231926 CET4434978734.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:43.084963083 CET49787443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:43.085160017 CET49787443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:43.085175991 CET4434978734.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:43.086707115 CET49788443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:43.086745977 CET4434978834.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:43.087652922 CET49788443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:43.087749004 CET49788443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:43.087760925 CET4434978834.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:43.095782042 CET49789443192.168.2.734.120.208.123
Timestamp                            Source Port  Dest Port  Source IP        Dest IP
Dec 15, 2024 09:24:43.095824957 CET  443          49789      34.120.208.123   192.168.2.7
Dec 15, 2024 09:24:43.096085072 CET  49789        443        192.168.2.7      34.120.208.123
Dec 15, 2024 09:24:43.097460985 CET  49789        443        192.168.2.7      34.120.208.123
Dec 15, 2024 09:24:43.097502947 CET  443          49789      34.120.208.123   192.168.2.7
Dec 15, 2024 09:24:43.163337946 CET  80           49734      34.107.221.82    192.168.2.7
Dec 15, 2024 09:24:43.173834085 CET  80           49735      34.107.221.82    192.168.2.7
Dec 15, 2024 09:24:43.357541084 CET  80           49734      34.107.221.82    192.168.2.7
Dec 15, 2024 09:24:43.368772984 CET  80           49735      34.107.221.82    192.168.2.7
Dec 15, 2024 09:24:43.402553082 CET  49734        80         192.168.2.7      34.107.221.82
Dec 15, 2024 09:24:43.418171883 CET  49735        80         192.168.2.7      34.107.221.82
Dec 15, 2024 09:24:44.295200109 CET  443          49787      34.120.208.123   192.168.2.7
Dec 15, 2024 09:24:44.295330048 CET  49787        443        192.168.2.7      34.120.208.123
Dec 15, 2024 09:24:44.298382998 CET  49787        443        192.168.2.7      34.120.208.123
Dec 15, 2024 09:24:44.298394918 CET  443          49787      34.120.208.123   192.168.2.7
Dec 15, 2024 09:24:44.298691988 CET  443          49787      34.120.208.123   192.168.2.7
Dec 15, 2024 09:24:44.298998117 CET  443          49788      34.120.208.123   192.168.2.7
Dec 15, 2024 09:24:44.299407959 CET  49788        443        192.168.2.7      34.120.208.123
Dec 15, 2024 09:24:44.302329063 CET  49788        443        192.168.2.7      34.120.208.123
Dec 15, 2024 09:24:44.302342892 CET  443          49788      34.120.208.123   192.168.2.7
Dec 15, 2024 09:24:44.302602053 CET  443          49788      34.120.208.123   192.168.2.7
Dec 15, 2024 09:24:44.305068970 CET  49787        443        192.168.2.7      34.120.208.123
Dec 15, 2024 09:24:44.305311918 CET  443          49787      34.120.208.123   192.168.2.7
Dec 15, 2024 09:24:44.305804968 CET  49787        443        192.168.2.7      34.120.208.123
Dec 15, 2024 09:24:44.305814028 CET  443          49787      34.120.208.123   192.168.2.7
Dec 15, 2024 09:24:44.306224108 CET  49790        443        192.168.2.7      34.120.208.123
Dec 15, 2024 09:24:44.306272030 CET  443          49790      34.120.208.123   192.168.2.7
Dec 15, 2024 09:24:44.306284904 CET  49788        443        192.168.2.7      34.120.208.123
Dec 15, 2024 09:24:44.306345940 CET  49788        443        192.168.2.7      34.120.208.123
Dec 15, 2024 09:24:44.306438923 CET  443          49788      34.120.208.123   192.168.2.7
Dec 15, 2024 09:24:44.306576014 CET  49788        443        192.168.2.7      34.120.208.123
Dec 15, 2024 09:24:44.306725979 CET  49790        443        192.168.2.7      34.120.208.123
Dec 15, 2024 09:24:44.306725979 CET  49790        443        192.168.2.7      34.120.208.123
Dec 15, 2024 09:24:44.306749105 CET  443          49790      34.120.208.123   192.168.2.7
Dec 15, 2024 09:24:44.313420057 CET  443          49789      34.120.208.123   192.168.2.7
Dec 15, 2024 09:24:44.313633919 CET  49789        443        192.168.2.7      34.120.208.123
Dec 15, 2024 09:24:44.318320036 CET  49789        443        192.168.2.7      34.120.208.123
Dec 15, 2024 09:24:44.318329096 CET  443          49789      34.120.208.123   192.168.2.7
Dec 15, 2024 09:24:44.318438053 CET  49789        443        192.168.2.7      34.120.208.123
Dec 15, 2024 09:24:44.318511009 CET  443          49789      34.120.208.123   192.168.2.7
Dec 15, 2024 09:24:44.318566084 CET  49789        443        192.168.2.7      34.120.208.123
Dec 15, 2024 09:24:44.511337996 CET  443          49787      34.120.208.123   192.168.2.7
Dec 15, 2024 09:24:44.512435913 CET  49787        443        192.168.2.7      34.120.208.123
Dec 15, 2024 09:24:45.290838957 CET  49734        80         192.168.2.7      34.107.221.82
Dec 15, 2024 09:24:45.294811964 CET  49735        80         192.168.2.7      34.107.221.82
Dec 15, 2024 09:24:45.298415899 CET  49796        443        192.168.2.7      34.120.208.123
Dec 15, 2024 09:24:45.298465967 CET  443          49796      34.120.208.123   192.168.2.7
Dec 15, 2024 09:24:45.300261974 CET  49796        443        192.168.2.7      34.120.208.123
Dec 15, 2024 09:24:45.301563025 CET  49796        443        192.168.2.7      34.120.208.123
Dec 15, 2024 09:24:45.301578999 CET  443          49796      34.120.208.123   192.168.2.7
Dec 15, 2024 09:24:45.410605907 CET  80           49734      34.107.221.82    192.168.2.7
Dec 15, 2024 09:24:45.414849043 CET  80           49735      34.107.221.82    192.168.2.7
Dec 15, 2024 09:24:45.517981052 CET  443          49790      34.120.208.123   192.168.2.7
Dec 15, 2024 09:24:45.518167019 CET  49790        443        192.168.2.7      34.120.208.123
Dec 15, 2024 09:24:45.521243095 CET  49790        443        192.168.2.7      34.120.208.123
Dec 15, 2024 09:24:45.521253109 CET  443          49790      34.120.208.123   192.168.2.7
Dec 15, 2024 09:24:45.521523952 CET  443          49790      34.120.208.123   192.168.2.7
Dec 15, 2024 09:24:45.523405075 CET  49790        443        192.168.2.7      34.120.208.123
Dec 15, 2024 09:24:45.523549080 CET  49790        443        192.168.2.7      34.120.208.123
Dec 15, 2024 09:24:45.523593903 CET  443          49790      34.120.208.123   192.168.2.7
Dec 15, 2024 09:24:45.523706913 CET  49790        443        192.168.2.7      34.120.208.123
Dec 15, 2024 09:24:45.523854971 CET  49790        443        192.168.2.7      34.120.208.123
Dec 15, 2024 09:24:45.605525970 CET  80           49734      34.107.221.82    192.168.2.7
Dec 15, 2024 09:24:45.609766006 CET  80           49735      34.107.221.82    192.168.2.7
Dec 15, 2024 09:24:45.656006098 CET  49735        80         192.168.2.7      34.107.221.82
Dec 15, 2024 09:24:45.656016111 CET  49734        80         192.168.2.7      34.107.221.82
Dec 15, 2024 09:24:45.748305082 CET  49734        80         192.168.2.7      34.107.221.82
Dec 15, 2024 09:24:45.748516083 CET  49735        80         192.168.2.7      34.107.221.82
Dec 15, 2024 09:24:45.868105888 CET  80           49734      34.107.221.82    192.168.2.7
Dec 15, 2024 09:24:45.869235039 CET  80           49735      34.107.221.82    192.168.2.7
Dec 15, 2024 09:24:46.064704895 CET  80           49735      34.107.221.82    192.168.2.7
Dec 15, 2024 09:24:46.064827919 CET  80           49734      34.107.221.82    192.168.2.7
Dec 15, 2024 09:24:46.110584021 CET  49735        80         192.168.2.7      34.107.221.82
Dec 15, 2024 09:24:46.110600948 CET  49734        80         192.168.2.7      34.107.221.82
Dec 15, 2024 09:24:46.513758898 CET  443          49796      34.120.208.123   192.168.2.7
Dec 15, 2024 09:24:46.520863056 CET  49796        443        192.168.2.7      34.120.208.123
Dec 15, 2024 09:24:46.549107075 CET  49796        443        192.168.2.7      34.120.208.123
Dec 15, 2024 09:24:46.549124002 CET  443          49796      34.120.208.123   192.168.2.7
Dec 15, 2024 09:24:46.549232960 CET  49796        443        192.168.2.7      34.120.208.123
Dec 15, 2024 09:24:46.549376011 CET  443          49796      34.120.208.123   192.168.2.7
Dec 15, 2024 09:24:46.550431013 CET  49796        443        192.168.2.7      34.120.208.123
Dec 15, 2024 09:24:46.552191973 CET  49734        80         192.168.2.7      34.107.221.82
Dec 15, 2024 09:24:46.556137085 CET  49735        80         192.168.2.7      34.107.221.82
Dec 15, 2024 09:24:46.558535099 CET  49797        443        192.168.2.7      34.120.208.123
Dec 15, 2024 09:24:46.558598995 CET  443          49797      34.120.208.123   192.168.2.7
Dec 15, 2024 09:24:46.558727980 CET  49797        443        192.168.2.7      34.120.208.123
Dec 15, 2024 09:24:46.560226917 CET  49797        443        192.168.2.7      34.120.208.123
Dec 15, 2024 09:24:46.560242891 CET  443          49797      34.120.208.123   192.168.2.7
Dec 15, 2024 09:24:46.673768997 CET  80           49734      34.107.221.82    192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:46.677026033 CET804973534.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:46.868685007 CET804973434.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:46.872193098 CET804973534.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:46.913019896 CET4973480192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:46.913466930 CET4973580192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:47.354459047 CET4973480192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:47.475162983 CET804973434.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:47.670769930 CET804973434.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:47.715384007 CET4973480192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:47.802634954 CET4434979734.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:47.802813053 CET49797443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:47.807343006 CET49797443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:47.807353020 CET4434979734.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:47.807580948 CET4434979734.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:47.807589054 CET49797443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:47.807596922 CET4434979734.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:47.810199976 CET4973580192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:47.930028915 CET804973534.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:48.019336939 CET4434979734.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:48.019427061 CET49797443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:48.125303984 CET804973534.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:48.128716946 CET4973480192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:48.185600996 CET4973580192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:48.248718977 CET804973434.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:48.443269968 CET804973434.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:48.486506939 CET4973480192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:52.499934912 CET49813443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:52.499991894 CET4434981335.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:52.500865936 CET49813443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:52.501008034 CET49813443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:52.501015902 CET4434981335.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:52.508341074 CET49814443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:52.508373022 CET4434981434.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:52.509126902 CET49814443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:52.509264946 CET49814443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:52.509279966 CET4434981434.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:52.511517048 CET49815443192.168.2.735.190.72.216
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:52.511527061 CET4434981535.190.72.216192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:52.522955894 CET49815443192.168.2.735.190.72.216
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:52.524694920 CET49815443192.168.2.735.190.72.216
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:52.524707079 CET4434981535.190.72.216192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:52.653944016 CET49816443192.168.2.735.201.103.21
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:52.653990030 CET4434981635.201.103.21192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:52.654295921 CET49816443192.168.2.735.201.103.21
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:52.655771971 CET49816443192.168.2.735.201.103.21
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:52.655785084 CET4434981635.201.103.21192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:52.722779036 CET49817443192.168.2.7151.101.193.91
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:52.722816944 CET44349817151.101.193.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:52.723458052 CET49817443192.168.2.7151.101.193.91
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:52.723623991 CET49817443192.168.2.7151.101.193.91
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:52.723634005 CET44349817151.101.193.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:53.516211987 CET49818443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:53.516258955 CET4434981834.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:53.516463041 CET49818443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:53.517735004 CET49818443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:53.517745018 CET4434981834.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:53.719284058 CET4434981434.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:53.719367981 CET49814443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:53.719856977 CET4434981335.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:53.720115900 CET49813443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:53.722918034 CET49814443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:53.722930908 CET4434981434.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:53.723176003 CET4434981434.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:53.726001978 CET49813443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:53.726017952 CET4434981335.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:53.726327896 CET4434981335.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:53.728656054 CET49814443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:53.728849888 CET4434981434.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:55.098404884 CET4434982234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:55.098793983 CET4434982234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:55.102185965 CET49822443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:55.102324963 CET49822443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:55.102411985 CET4434982234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:55.102508068 CET49822443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:55.106985092 CET4973580192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:55.159368038 CET4434982134.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:55.159630060 CET49821443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:55.169219017 CET4434982835.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:55.169358969 CET49828443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:55.170152903 CET4434982635.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:55.170290947 CET49826443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:55.173779964 CET4434982735.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:55.173866034 CET49827443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:55.174221039 CET49828443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:55.174231052 CET4434982835.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:55.174475908 CET4434982835.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:55.177563906 CET49826443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:55.177572966 CET4434982635.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:55.177810907 CET4434982635.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:55.178714991 CET804973434.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:55.180921078 CET49827443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:55.180947065 CET4434982735.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:55.181849003 CET4434982735.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:55.185935974 CET49828443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:55.186116934 CET4434982835.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:55.186125040 CET49828443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:55.186132908 CET4434982835.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:55.186167002 CET49826443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:55.186526060 CET49826443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:55.186557055 CET4434982635.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:55.186999083 CET49827443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:55.187227011 CET49827443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:55.187428951 CET4434982735.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:55.193718910 CET49827443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:55.193718910 CET49827443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:55.193726063 CET49826443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:55.227477074 CET804973534.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:55.382074118 CET804973434.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:55.395344973 CET4434982835.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:55.395462036 CET49828443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:55.422507048 CET804973534.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:55.425571918 CET4973480192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:55.427038908 CET4973480192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:55.463373899 CET4973580192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:55.547485113 CET804973434.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:55.741863966 CET804973434.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:55.795476913 CET4973480192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:05.424565077 CET4973580192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:05.544918060 CET804973534.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:05.756731033 CET4973480192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:05.876641035 CET804973434.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:15.395174980 CET49875443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:15.395226955 CET4434987534.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:15.395332098 CET49875443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:15.396812916 CET49875443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:15.396845102 CET4434987534.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:15.554863930 CET4973580192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:15.675057888 CET804973534.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:15.887003899 CET4973480192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:16.007466078 CET804973434.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:16.610502958 CET4434987534.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:16.610595942 CET49875443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:16.615741014 CET49875443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:16.615772009 CET4434987534.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:16.615844011 CET49875443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:16.616302967 CET4434987534.107.243.93192.168.2.7
Dec 15, 2024 09:25:16.616400957 CET  49875  443    192.168.2.7     34.107.243.93
Dec 15, 2024 09:25:16.618947983 CET  49735  80     192.168.2.7     34.107.221.82
Dec 15, 2024 09:25:16.738832951 CET  80     49735  34.107.221.82   192.168.2.7
Dec 15, 2024 09:25:16.935262918 CET  80     49735  34.107.221.82   192.168.2.7
Dec 15, 2024 09:25:16.948587894 CET  49734  80     192.168.2.7     34.107.221.82
Dec 15, 2024 09:25:16.990323067 CET  49735  80     192.168.2.7     34.107.221.82
Dec 15, 2024 09:25:17.068850040 CET  80     49734  34.107.221.82   192.168.2.7
Dec 15, 2024 09:25:17.263443947 CET  80     49734  34.107.221.82   192.168.2.7
Dec 15, 2024 09:25:17.313508987 CET  49734  80     192.168.2.7     34.107.221.82
Dec 15, 2024 09:25:22.725585938 CET  49898  443    192.168.2.7     34.120.208.123
Dec 15, 2024 09:25:22.725657940 CET  443    49898  34.120.208.123  192.168.2.7
Dec 15, 2024 09:25:22.725740910 CET  49899  443    192.168.2.7     34.120.208.123
Dec 15, 2024 09:25:22.725830078 CET  443    49899  34.120.208.123  192.168.2.7
Dec 15, 2024 09:25:22.725871086 CET  49900  443    192.168.2.7     34.120.208.123
Dec 15, 2024 09:25:22.725929976 CET  443    49900  34.120.208.123  192.168.2.7
Dec 15, 2024 09:25:22.726005077 CET  49901  443    192.168.2.7     34.120.208.123
Dec 15, 2024 09:25:22.726093054 CET  443    49901  34.120.208.123  192.168.2.7
Dec 15, 2024 09:25:22.726139069 CET  49902  443    192.168.2.7     34.120.208.123
Dec 15, 2024 09:25:22.726150036 CET  443    49902  34.120.208.123  192.168.2.7
Dec 15, 2024 09:25:22.726258993 CET  49903  443    192.168.2.7     34.120.208.123
Dec 15, 2024 09:25:22.726284027 CET  443    49903  34.120.208.123  192.168.2.7
Dec 15, 2024 09:25:22.726839066 CET  49898  443    192.168.2.7     34.120.208.123
Dec 15, 2024 09:25:22.726862907 CET  49902  443    192.168.2.7     34.120.208.123
Dec 15, 2024 09:25:22.726862907 CET  49900  443    192.168.2.7     34.120.208.123
Dec 15, 2024 09:25:22.726865053 CET  49901  443    192.168.2.7     34.120.208.123
Dec 15, 2024 09:25:22.726865053 CET  49899  443    192.168.2.7     34.120.208.123
Dec 15, 2024 09:25:22.727057934 CET  49903  443    192.168.2.7     34.120.208.123
Dec 15, 2024 09:25:22.727063894 CET  49898  443    192.168.2.7     34.120.208.123
Dec 15, 2024 09:25:22.727094889 CET  443    49898  34.120.208.123  192.168.2.7
Dec 15, 2024 09:25:22.727205992 CET  49903  443    192.168.2.7     34.120.208.123
Dec 15, 2024 09:25:22.727226019 CET  443    49903  34.120.208.123  192.168.2.7
Dec 15, 2024 09:25:22.727245092 CET  49902  443    192.168.2.7     34.120.208.123
Dec 15, 2024 09:25:22.727264881 CET  443    49902  34.120.208.123  192.168.2.7
Dec 15, 2024 09:25:22.727358103 CET  49901  443    192.168.2.7     34.120.208.123
Dec 15, 2024 09:25:22.727380037 CET  443    49901  34.120.208.123  192.168.2.7
Dec 15, 2024 09:25:22.727413893 CET  49900  443    192.168.2.7     34.120.208.123
Dec 15, 2024 09:25:22.727427959 CET  443    49900  34.120.208.123  192.168.2.7
Dec 15, 2024 09:25:22.727489948 CET  49899  443    192.168.2.7     34.120.208.123
Dec 15, 2024 09:25:22.727530956 CET  443    49899  34.120.208.123  192.168.2.7
Dec 15, 2024 09:25:23.938613892 CET  443    49902  34.120.208.123  192.168.2.7
Dec 15, 2024 09:25:23.938699961 CET  49902  443    192.168.2.7     34.120.208.123
Dec 15, 2024 09:25:23.939884901 CET  443    49903  34.120.208.123  192.168.2.7
Dec 15, 2024 09:25:23.939918995 CET  443    49899  34.120.208.123  192.168.2.7
Dec 15, 2024 09:25:23.940045118 CET  49903  443    192.168.2.7     34.120.208.123
Dec 15, 2024 09:25:23.940119028 CET  443    49901  34.120.208.123  192.168.2.7
Dec 15, 2024 09:25:23.940155983 CET  49899  443    192.168.2.7     34.120.208.123
Dec 15, 2024 09:25:23.940290928 CET  49901  443    192.168.2.7     34.120.208.123
Dec 15, 2024 09:25:23.942485094 CET  49902  443    192.168.2.7     34.120.208.123
Dec 15, 2024 09:25:23.942493916 CET  443    49902  34.120.208.123  192.168.2.7
Dec 15, 2024 09:25:23.942787886 CET  443    49902  34.120.208.123  192.168.2.7
Dec 15, 2024 09:25:23.945076942 CET  49903  443    192.168.2.7     34.120.208.123
Dec 15, 2024 09:25:23.945112944 CET  443    49903  34.120.208.123  192.168.2.7
Dec 15, 2024 09:25:23.945379972 CET  443    49903  34.120.208.123  192.168.2.7
Dec 15, 2024 09:25:23.947396040 CET  49901  443    192.168.2.7     34.120.208.123
Dec 15, 2024 09:25:23.947428942 CET  443    49901  34.120.208.123  192.168.2.7
Dec 15, 2024 09:25:23.947690964 CET  443    49901  34.120.208.123  192.168.2.7
Dec 15, 2024 09:25:23.948926926 CET  443    49898  34.120.208.123  192.168.2.7
Dec 15, 2024 09:25:23.949889898 CET  49899  443    192.168.2.7     34.120.208.123
Dec 15, 2024 09:25:23.949917078 CET  443    49899  34.120.208.123  192.168.2.7
Dec 15, 2024 09:25:23.950048923 CET  443    49900  34.120.208.123  192.168.2.7
Dec 15, 2024 09:25:23.950126886 CET  49898  443    192.168.2.7     34.120.208.123
Dec 15, 2024 09:25:23.950213909 CET  443    49899  34.120.208.123  192.168.2.7
Dec 15, 2024 09:25:23.950778008 CET  49900  443    192.168.2.7     34.120.208.123
Dec 15, 2024 09:25:23.953134060 CET  49898  443    192.168.2.7     34.120.208.123
Dec 15, 2024 09:25:23.953162909 CET  443    49898  34.120.208.123  192.168.2.7
Dec 15, 2024 09:25:23.954091072 CET  443    49898  34.120.208.123  192.168.2.7
Dec 15, 2024 09:25:23.956232071 CET  49900  443    192.168.2.7     34.120.208.123
Dec 15, 2024 09:25:23.956247091 CET  443    49900  34.120.208.123  192.168.2.7
Dec 15, 2024 09:25:23.956568956 CET  443    49900  34.120.208.123  192.168.2.7
Dec 15, 2024 09:25:23.960969925 CET  49902  443    192.168.2.7     34.120.208.123
Dec 15, 2024 09:25:23.961150885 CET  443    49902  34.120.208.123  192.168.2.7
Dec 15, 2024 09:25:23.961211920 CET  49902  443    192.168.2.7     34.120.208.123
Dec 15, 2024 09:25:23.961218119 CET  443    49902  34.120.208.123  192.168.2.7
Dec 15, 2024 09:25:23.962213039 CET  49903  443    192.168.2.7     34.120.208.123
Dec 15, 2024 09:25:23.962454081 CET  443    49903  34.120.208.123  192.168.2.7
Dec 15, 2024 09:25:23.962538004 CET  49901  443    192.168.2.7     34.120.208.123
Dec 15, 2024 09:25:23.962719917 CET  443    49901  34.120.208.123  192.168.2.7
Dec 15, 2024 09:25:23.962949038 CET  49901  443    192.168.2.7     34.120.208.123
Dec 15, 2024 09:25:23.962971926 CET  443    49901  34.120.208.123  192.168.2.7
Dec 15, 2024 09:25:23.963010073 CET  49903  443    192.168.2.7     34.120.208.123
Dec 15, 2024 09:25:23.963021040 CET  443    49903  34.120.208.123  192.168.2.7
Dec 15, 2024 09:25:23.963083029 CET  49899  443    192.168.2.7     34.120.208.123
Dec 15, 2024 09:25:23.963278055 CET  443    49899  34.120.208.123  192.168.2.7
Dec 15, 2024 09:25:23.963643074 CET  49903  443    192.168.2.7     34.120.208.123
Dec 15, 2024 09:25:23.963727951 CET  49899  443    192.168.2.7     34.120.208.123
Dec 15, 2024 09:25:23.964083910 CET  49899  443    192.168.2.7     34.120.208.123
Dec 15, 2024 09:25:23.964098930 CET  443    49899  34.120.208.123  192.168.2.7
Dec 15, 2024 09:25:23.964190960 CET  49898  443    192.168.2.7     34.120.208.123
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:23.964447975 CET49905443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:23.964510918 CET4434990534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:23.964554071 CET49898443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:23.964698076 CET4434989834.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:23.964801073 CET49906443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:23.964821100 CET4434990634.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:23.970375061 CET49900443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:23.970499992 CET49900443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:23.970993996 CET4434990034.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:23.972481966 CET49898443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:23.972512960 CET49900443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:23.972606897 CET49906443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:23.972619057 CET49905443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:23.972676039 CET49905443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:23.972701073 CET4434990534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:23.972750902 CET49906443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:23.972763062 CET4434990634.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:23.975399971 CET4973580192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:24.095134020 CET804973534.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:24.167334080 CET4434990134.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:24.167361021 CET4434990234.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:24.174422979 CET49901443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:24.174508095 CET49902443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:24.290692091 CET804973534.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:24.294553995 CET4973480192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:24.333512068 CET4973580192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:24.414324045 CET804973434.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:24.608757019 CET804973434.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:24.650017977 CET4973480192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:25.190776110 CET4434990634.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:25.190792084 CET4434990634.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:25.191998959 CET4434990534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:25.192018032 CET4434990534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:25.193627119 CET49906443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:25.193629980 CET49905443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:25.196643114 CET49906443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:25.196662903 CET4434990634.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:25.196976900 CET4434990634.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:25.199101925 CET49905443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:25.199114084 CET4434990534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:25.199390888 CET4434990534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:25.202467918 CET49906443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:25.202848911 CET49906443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:25.202891111 CET4434990634.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:25.203108072 CET49905443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:25.203181982 CET49905443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:25.203351974 CET49906443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:25.203550100 CET4434990534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:25.204582930 CET49905443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:25.206293106 CET4973580192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:25.326595068 CET804973534.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:25.521392107 CET804973534.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:25.524837017 CET4973480192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:25.568236113 CET4973580192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:25.644750118 CET804973434.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:25.839647055 CET804973434.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:25.884728909 CET4973480192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:35.526628017 CET4973580192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:35.646537066 CET804973534.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:35.843178034 CET4973480192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:35.963114023 CET804973434.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:45.653458118 CET4973580192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:45.773338079 CET804973534.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:45.976540089 CET4973480192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:46.097824097 CET804973434.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:55.781912088 CET4973580192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:55.903588057 CET804973534.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:56.104929924 CET4973480192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:30.429955959 CET53558441.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:34.671900034 CET5710753192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:34.708775997 CET6416753192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:34.809132099 CET53571071.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:34.811028957 CET5810753192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:34.846492052 CET53641671.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:35.055577993 CET53581071.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:35.059878111 CET6136853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:35.198018074 CET53613681.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:40.417295933 CET5390953192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:40.425875902 CET4996853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:40.554541111 CET53539091.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:40.562952042 CET53499681.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:45.288564920 CET6467953192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:45.288842916 CET5029053192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:45.289077997 CET4951553192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:45.425821066 CET53502901.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:45.426990032 CET53495151.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:45.427136898 CET53646791.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:45.428253889 CET6535253192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:45.428594112 CET5363553192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:45.428839922 CET5273253192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:45.565136909 CET53653521.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:45.566113949 CET5289253192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:45.566335917 CET53527321.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:45.566469908 CET53536351.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:45.566898108 CET5771153192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:45.567384958 CET4978053192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:45.703924894 CET53528921.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:45.703938007 CET53577111.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:45.704834938 CET6531353192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:45.704834938 CET5414653192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:45.705665112 CET53497801.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:45.707051039 CET5959353192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:45.842273951 CET53541461.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:45.843179941 CET53653131.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:45.843302965 CET5646553192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:45.843821049 CET6370653192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:45.844023943 CET53595931.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:45.982418060 CET53637061.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:45.983350992 CET5855753192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:45.992245913 CET53564651.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:45.992844105 CET5085253192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:46.121156931 CET53585571.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:46.132894039 CET53508521.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:47.810528040 CET5718153192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:52.499106884 CET5227353192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:52.500746965 CET5432553192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:52.512749910 CET5746553192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:52.652710915 CET53574651.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:52.654289007 CET5119353192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:52.718703032 CET53522731.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:52.722965956 CET5036153192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:52.743477106 CET53543251.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:52.853811026 CET53511931.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:52.854743004 CET6061853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:52.868731022 CET53503611.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:52.869585037 CET6248253192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:52.995963097 CET53606181.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:53.007462978 CET53624821.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:53.516377926 CET5457753192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:53.653954983 CET53545771.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:53.734158039 CET5337653192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:53.872975111 CET6430353192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:15.395845890 CET5345053192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:15.537695885 CET53534501.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:22.724344969 CET6308553192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:22.861529112 CET53630851.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:56.943990946 CET5007353192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:57.083590984 CET53500731.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:57.085359097 CET5138353192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:57.222603083 CET53513831.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:58.308284998 CET6171453192.168.2.71.1.1.1
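Request/reply pairing over a handful of the UDP rows above, as an added example that is not part of the Joe Sandbox report: each client query to port 53 is matched to the resolver's reply by the client's ephemeral port, the round-trip time is computed from the nanosecond timestamps, and queries that never receive an answer are listed. The input rows are copied from the table into a constructed pipe-separated form (Timestamp, Source Port, Dest Port, Source IP, Dest IP). Treating 1.1.1.1 as the sandbox's configured resolver is an assumption; the `unexpected_resolvers` check exists to surface port-53 traffic sent to any other address, which is how direct-to-IP DNS that bypasses the configured resolver shows up in a capture like this one.

```python
import re
from datetime import datetime

# Rows copied from the UDP packet table above (constructed input for this
# example; columns: Timestamp, Source Port, Dest Port, Source IP, Dest IP).
SAMPLE_ROWS = """\
Dec 15, 2024 09:24:45.288564920 CET | 64679 | 53 | 192.168.2.7 | 1.1.1.1
Dec 15, 2024 09:24:45.288842916 CET | 50290 | 53 | 192.168.2.7 | 1.1.1.1
Dec 15, 2024 09:24:45.289077997 CET | 49515 | 53 | 192.168.2.7 | 1.1.1.1
Dec 15, 2024 09:24:45.425821066 CET | 53 | 50290 | 1.1.1.1 | 192.168.2.7
Dec 15, 2024 09:24:45.426990032 CET | 53 | 49515 | 1.1.1.1 | 192.168.2.7
Dec 15, 2024 09:24:45.427136898 CET | 53 | 64679 | 1.1.1.1 | 192.168.2.7
Dec 15, 2024 09:24:47.810528040 CET | 57181 | 53 | 192.168.2.7 | 1.1.1.1
Dec 15, 2024 09:25:58.308284998 CET | 61714 | 53 | 192.168.2.7 | 1.1.1.1
"""

EXPECTED_RESOLVER = "1.1.1.1"   # assumption: the sandbox's configured resolver
EPOCH = datetime(1970, 1, 1)
TS_RE = re.compile(r"^(\w{3} \d{1,2}, \d{4} \d{2}:\d{2}:\d{2})\.(\d+) \w+$")


def parse_timestamp_ns(text):
    """Convert 'Dec 15, 2024 09:24:45.288564920 CET' to integer nanoseconds.

    The report prints nine fractional digits, more than datetime can hold,
    so the fraction is kept as an integer and never passes through a float.
    """
    m = TS_RE.match(text.strip())
    if not m:
        raise ValueError("unrecognised timestamp: %r" % text)
    base = datetime.strptime(m.group(1), "%b %d, %Y %H:%M:%S")
    whole = int((base - EPOCH).total_seconds())
    frac = int(m.group(2).ljust(9, "0")[:9])
    return whole * 10**9 + frac


def parse_rows(text):
    """Parse 'ts | sport | dport | sip | dip' lines into dicts."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, sport, dport, sip, dip = [c.strip() for c in line.split("|")]
        rows.append({"ns": parse_timestamp_ns(ts), "sport": int(sport),
                     "dport": int(dport), "sip": sip, "dip": dip})
    return rows


def pair_dns_exchanges(rows):
    """Match each client query (dst port 53) with its reply via the ephemeral port.

    Returns [(client_port, rtt_ms), ...] in query order; rtt_ms is None for a
    query that never received a reply. A reused client port overwrites the
    earlier pending query, which is acceptable for a short excerpt like this.
    """
    pending = {}    # (client_ip, client_port) -> query row
    results = {}
    order = []
    for r in rows:
        if r["dport"] == 53:
            key = (r["sip"], r["sport"])
            pending[key] = r
            order.append(key)
            results[key] = None
        elif r["sport"] == 53:
            key = (r["dip"], r["dport"])
            q = pending.pop(key, None)
            if q is not None:
                results[key] = round((r["ns"] - q["ns"]) / 1e6, 3)
    return [(k[1], results[k]) for k in order]


def unexpected_resolvers(rows, expected=EXPECTED_RESOLVER):
    """Destination IPs of port-53 traffic that bypass the expected resolver."""
    return sorted({r["dip"] for r in rows
                   if r["dport"] == 53 and r["dip"] != expected})


if __name__ == "__main__":
    rows = parse_rows(SAMPLE_ROWS)
    for port, rtt in pair_dns_exchanges(rows):
        print("port %5d: %s" % (port, "no reply" if rtt is None else "%.1f ms" % rtt))
    print("unexpected resolvers:", unexpected_resolvers(rows))
```

On the rows above, the three queries at 09:24:45 are answered in roughly 137 to 139 ms each, and the queries from ports 57181 and 61714 have no reply among the rows given. An unanswered entry is a pointer to check the rest of the capture (the reply may simply fall outside the excerpt, or the name may not exist), not a finding by itself; the resolver check is the one that deserves a look whenever it returns a non-empty list.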
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 15, 2024 09:24:25.999912977 CET | 192.168.2.7 | 1.1.1.1 | 0xfe5f | Standard query (0) | youtube.com | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:24:26.000938892 CET | 192.168.2.7 | 1.1.1.1 | 0x2dc4 | Standard query (0) | detectportal.firefox.com | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:24:26.147255898 CET | 192.168.2.7 | 1.1.1.1 | 0xb838 | Standard query (0) | prod.classify-client.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:24:26.147505999 CET | 192.168.2.7 | 1.1.1.1 | 0x948c | Standard query (0) | youtube.com | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:24:26.148123980 CET | 192.168.2.7 | 1.1.1.1 | 0x8c11 | Standard query (0) | prod.detectportal.prod.cloudops.mozgcp.net | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:24:26.327187061 CET | 192.168.2.7 | 1.1.1.1 | 0x2a09 | Standard query (0) | youtube.com | 28 (AAAA) | IN (0x0001) | false
Dec 15, 2024 09:24:26.327639103 CET | 192.168.2.7 | 1.1.1.1 | 0x38fc | Standard query (0) | prod.detectportal.prod.cloudops.mozgcp.net | 28 (AAAA) | IN (0x0001) | false
Dec 15, 2024 09:24:26.393873930 CET | 192.168.2.7 | 1.1.1.1 | 0x5d2 | Standard query (0) | prod.classify-client.prod.webservices.mozgcp.net | 28 (AAAA) | IN (0x0001) | false
Dec 15, 2024 09:24:26.537509918 CET | 192.168.2.7 | 1.1.1.1 | 0xa319 | Standard query (0) | contile.services.mozilla.com | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:24:26.615375996 CET | 192.168.2.7 | 1.1.1.1 | 0xcca3 | Standard query (0) | spocs.getpocket.com | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:24:26.680886984 CET | 192.168.2.7 | 1.1.1.1 | 0x5020 | Standard query (0) | contile.services.mozilla.com | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:24:26.819344997 CET | 192.168.2.7 | 1.1.1.1 | 0x14db | Standard query (0) | contile.services.mozilla.com | 28 (AAAA) | IN (0x0001) | false
Dec 15, 2024 09:24:27.461797953 CET | 192.168.2.7 | 1.1.1.1 | 0xd779 | Standard query (0) | prod.ads.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:24:27.463211060 CET | 192.168.2.7 | 1.1.1.1 | 0xd052 | Standard query (0) | prod.balrog.prod.cloudops.mozgcp.net | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:24:27.602135897 CET | 192.168.2.7 | 1.1.1.1 | 0x1802 | Standard query (0) | prod.ads.prod.webservices.mozgcp.net | 28 (AAAA) | IN (0x0001) | false
Dec 15, 2024 09:24:27.603087902 CET | 192.168.2.7 | 1.1.1.1 | 0x39bd | Standard query (0) | prod.balrog.prod.cloudops.mozgcp.net | 28 (AAAA) | IN (0x0001) | false
Dec 15, 2024 09:24:27.624861002 CET | 192.168.2.7 | 1.1.1.1 | 0x6295 | Standard query (0) | example.org | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:24:27.637784958 CET | 192.168.2.7 | 1.1.1.1 | 0xe456 | Standard query (0) | ipv4only.arpa | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:24:27.638266087 CET | 192.168.2.7 | 1.1.1.1 | 0xd783 | Standard query (0) | detectportal.firefox.com | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:24:27.759332895 CET | 192.168.2.7 | 1.1.1.1 | 0x51e5 | Standard query (0) | content-signature-2.cdn.mozilla.net | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:24:27.912430048 CET | 192.168.2.7 | 1.1.1.1 | 0xd5e2 | Standard query (0) | prod.content-signature-chains.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:24:28.052829027 CET | 192.168.2.7 | 1.1.1.1 | 0xcaca | Standard query (0) | prod.content-signature-chains.prod.webservices.mozgcp.net | 28 (AAAA) | IN (0x0001) | false
Dec 15, 2024 09:24:28.666817904 CET | 192.168.2.7 | 1.1.1.1 | 0xd12d | Standard query (0) | shavar.services.mozilla.com | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:24:29.244677067 CET | 192.168.2.7 | 1.1.1.1 | 0x4e6e | Standard query (0) | push.services.mozilla.com | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:24:29.383184910 CET | 192.168.2.7 | 1.1.1.1 | 0x357f | Standard query (0) | push.services.mozilla.com | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:24:29.557665110 CET | 192.168.2.7 | 1.1.1.1 | 0x88d7 | Standard query (0) | push.services.mozilla.com | 28 (AAAA) | IN (0x0001) | false
Dec 15, 2024 09:24:30.013196945 CET | 192.168.2.7 | 1.1.1.1 | 0x72b6 | Standard query (0) | firefox.settings.services.mozilla.com | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:24:30.150830030 CET | 192.168.2.7 | 1.1.1.1 | 0xdeac | Standard query (0) | telemetry-incoming.r53-2.services.mozilla.com | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:24:30.153943062 CET | 192.168.2.7 | 1.1.1.1 | 0xbd01 | Standard query (0) | prod.remote-settings.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:24:30.289804935 CET | 192.168.2.7 | 1.1.1.1 | 0x5b6e | Standard query (0) | telemetry-incoming.r53-2.services.mozilla.com | 28 (AAAA) | IN (0x0001) | false
Dec 15, 2024 09:24:30.292741060 CET | 192.168.2.7 | 1.1.1.1 | 0x5808 | Standard query (0) | prod.remote-settings.prod.webservices.mozgcp.net | 28 (AAAA) | IN (0x0001) | false
Dec 15, 2024 09:24:34.671900034 CET | 192.168.2.7 | 1.1.1.1 | 0x7be0 | Standard query (0) | support.mozilla.org | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:24:34.708775997 CET | 192.168.2.7 | 1.1.1.1 | 0x6b9e | Standard query (0) | telemetry-incoming.r53-2.services.mozilla.com | 28 (AAAA) | IN (0x0001) | false
Dec 15, 2024 09:24:34.811028957 CET | 192.168.2.7 | 1.1.1.1 | 0xeab3 | Standard query (0) | us-west1.prod.sumo.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:24:35.059878111 CET | 192.168.2.7 | 1.1.1.1 | 0x8106 | Standard query (0) | us-west1.prod.sumo.prod.webservices.mozgcp.net | 28 (AAAA) | IN (0x0001) | false
Dec 15, 2024 09:24:40.417295933 CET | 192.168.2.7 | 1.1.1.1 | 0x414d | Standard query (0) | telemetry-incoming.r53-2.services.mozilla.com | 28 (AAAA) | IN (0x0001) | false
Dec 15, 2024 09:24:40.425875902 CET | 192.168.2.7 | 1.1.1.1 | 0x48f0 | Standard query (0) | push.services.mozilla.com | 28 (AAAA) | IN (0x0001) | false
Dec 15, 2024 09:24:45.288564920 CET | 192.168.2.7 | 1.1.1.1 | 0x295c | Standard query (0) | www.youtube.com | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:24:45.288842916 CET | 192.168.2.7 | 1.1.1.1 | 0x5335 | Standard query (0) | www.facebook.com | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:24:45.289077997 CET | 192.168.2.7 | 1.1.1.1 | 0xf656 | Standard query (0) | www.wikipedia.org | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:24:45.428253889 CET | 192.168.2.7 | 1.1.1.1 | 0xd361 | Standard query (0) | star-mini.c10r.facebook.com | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:24:45.428594112 CET | 192.168.2.7 | 1.1.1.1 | 0x952d | Standard query (0) | dyna.wikimedia.org | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:24:45.428839922 CET | 192.168.2.7 | 1.1.1.1 | 0x2b85 | Standard query (0) | youtube-ui.l.google.com | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:24:45.566113949 CET | 192.168.2.7 | 1.1.1.1 | 0xf55c | Standard query (0) | star-mini.c10r.facebook.com | 28 (AAAA) | IN (0x0001) | false
Dec 15, 2024 09:24:45.566898108 CET | 192.168.2.7 | 1.1.1.1 | 0x74cb | Standard query (0) | youtube-ui.l.google.com | 28 (AAAA) | IN (0x0001) | false
Dec 15, 2024 09:24:45.567384958 CET | 192.168.2.7 | 1.1.1.1 | 0x9461 | Standard query (0) | dyna.wikimedia.org | 28 (AAAA) | IN (0x0001) | false
Dec 15, 2024 09:24:45.704834938 CET | 192.168.2.7 | 1.1.1.1 | 0xf113 | Standard query (0) | www.reddit.com | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:24:45.704834938 CET | 192.168.2.7 | 1.1.1.1 | 0xed18 | Standard query (0) | twitter.com | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:24:45.707051039 CET | 192.168.2.7 | 1.1.1.1 | 0x8b2a | Standard query (0) | telemetry-incoming.r53-2.services.mozilla.com | 28 (AAAA) | IN (0x0001) | false
Dec 15, 2024 09:24:45.843302965 CET | 192.168.2.7 | 1.1.1.1 | 0x9cfe | Standard query (0) | twitter.com | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:24:45.843821049 CET | 192.168.2.7 | 1.1.1.1 | 0xde66 | Standard query (0) | reddit.map.fastly.net | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:24:45.983350992 CET | 192.168.2.7 | 1.1.1.1 | 0x48d5 | Standard query (0) | reddit.map.fastly.net | 28 (AAAA) | IN (0x0001) | false
Dec 15, 2024 09:24:45.992844105 CET | 192.168.2.7 | 1.1.1.1 | 0x9ba1 | Standard query (0) | twitter.com | 28 (AAAA) | IN (0x0001) | false
Dec 15, 2024 09:24:47.810528040 CET | 192.168.2.7 | 1.1.1.1 | 0xa34d | Standard query (0) | detectportal.firefox.com | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:24:52.499106884 CET | 192.168.2.7 | 1.1.1.1 | 0xbdd6 | Standard query (0) | services.addons.mozilla.org | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:24:52.500746965 CET | 192.168.2.7 | 1.1.1.1 | 0x2b56 | Standard query (0) | prod.balrog.prod.cloudops.mozgcp.net | 28 (AAAA) | IN (0x0001) | false
Dec 15, 2024 09:24:52.512749910 CET | 192.168.2.7 | 1.1.1.1 | 0x1547 | Standard query (0) | normandy.cdn.mozilla.net | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:24:52.654289007 CET | 192.168.2.7 | 1.1.1.1 | 0x53dd | Standard query (0) | normandy-cdn.services.mozilla.com | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:24:52.722965956 CET | 192.168.2.7 | 1.1.1.1 | 0x283f | Standard query (0) | services.addons.mozilla.org | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:24:52.854743004 CET | 192.168.2.7 | 1.1.1.1 | 0x8219 | Standard query (0) | normandy-cdn.services.mozilla.com | 28 (AAAA) | IN (0x0001) | false
Dec 15, 2024 09:24:52.869585037 CET | 192.168.2.7 | 1.1.1.1 | 0xa70d | Standard query (0) | services.addons.mozilla.org | 28 (AAAA) | IN (0x0001) | false
Dec 15, 2024 09:24:53.516377926 CET | 192.168.2.7 | 1.1.1.1 | 0xa2f9 | Standard query (0) | push.services.mozilla.com | 28 (AAAA) | IN (0x0001) | false
Dec 15, 2024 09:24:53.734158039 CET | 192.168.2.7 | 1.1.1.1 | 0x6a91 | Standard query (0) | detectportal.firefox.com | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:24:53.872975111 CET | 192.168.2.7 | 1.1.1.1 | 0x97b4 | Standard query (0) | detectportal.firefox.com | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:25:15.395845890 CET | 192.168.2.7 | 1.1.1.1 | 0x2209 | Standard query (0) | push.services.mozilla.com | 28 (AAAA) | IN (0x0001) | false
Dec 15, 2024 09:25:22.724344969 CET | 192.168.2.7 | 1.1.1.1 | 0x77e7 | Standard query (0) | telemetry-incoming.r53-2.services.mozilla.com | 28 (AAAA) | IN (0x0001) | false
Dec 15, 2024 09:25:56.943990946 CET | 192.168.2.7 | 1.1.1.1 | 0xbbfc | Standard query (0) | push.services.mozilla.com | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:25:57.085359097 CET | 192.168.2.7 | 1.1.1.1 | 0xdc57 | Standard query (0) | push.services.mozilla.com | 28 (AAAA) | IN (0x0001) | false
Dec 15, 2024 09:25:58.308284998 CET | 192.168.2.7 | 1.1.1.1 | 0x5a7c | Standard query (0) | detectportal.firefox.com | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                                                                                                                                                                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:26.137700081 CET1.1.1.1192.168.2.70xfe5fNo error (0)youtube.com142.250.181.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:26.137885094 CET1.1.1.1192.168.2.70x2dc4No error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:26.137885094 CET1.1.1.1192.168.2.70x2dc4No error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:26.141606092 CET1.1.1.1192.168.2.70x74d6No error (0)prod.classify-client.prod.webservices.mozgcp.net35.190.72.216A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:26.286189079 CET1.1.1.1192.168.2.70x948cNo error (0)youtube.com142.250.181.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:26.287741899 CET1.1.1.1192.168.2.70x8c11No error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:26.384826899 CET1.1.1.1192.168.2.70xb838No error (0)prod.classify-client.prod.webservices.mozgcp.net35.190.72.216A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:26.464596987 CET1.1.1.1192.168.2.70x2a09No error (0)youtube.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:26.465857983 CET1.1.1.1192.168.2.70x38fcNo error (0)prod.detectportal.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:26.675236940 CET1.1.1.1192.168.2.70xa319No error (0)contile.services.mozilla.com34.117.188.166A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:26.752727032 CET1.1.1.1192.168.2.70xcca3No error (0)spocs.getpocket.comprod.ads.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:26.752727032 CET1.1.1.1192.168.2.70xcca3No error (0)prod.ads.prod.webservices.mozgcp.net34.117.188.166A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:26.799619913 CET1.1.1.1192.168.2.70xf851No error (0)balrog-aus5.r53-2.services.mozilla.comprod.balrog.prod.cloudops.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:26.799619913 CET1.1.1.1192.168.2.70xf851No error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:26.818602085 CET1.1.1.1192.168.2.70x5020No error (0)contile.services.mozilla.com34.117.188.166A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:27.599127054 CET1.1.1.1192.168.2.70xd779No error (0)prod.ads.prod.webservices.mozgcp.net34.117.188.166A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:27.601075888 CET1.1.1.1192.168.2.70xd052No error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:27.761894941 CET1.1.1.1192.168.2.70x6295No error (0)example.org93.184.215.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:27.776308060 CET1.1.1.1192.168.2.70xe456No error (0)ipv4only.arpa192.0.0.171A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:27.776308060 CET1.1.1.1192.168.2.70xe456No error (0)ipv4only.arpa192.0.0.170A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:27.779531956 CET1.1.1.1192.168.2.70xd783No error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:27.779531956 CET1.1.1.1192.168.2.70xd783No error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:27.896773100 CET1.1.1.1192.168.2.70x51e5No error (0)content-signature-2.cdn.mozilla.netcontent-signature-chains.prod.autograph.services.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:27.896773100 CET1.1.1.1192.168.2.70x51e5No error (0)content-signature-chains.prod.autograph.services.mozaws.netprod.content-signature-chains.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:27.896773100 CET1.1.1.1192.168.2.70x51e5No error (0)prod.content-signature-chains.prod.webservices.mozgcp.net34.160.144.191A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:28.051805973 CET1.1.1.1192.168.2.70xd5e2No error (0)prod.content-signature-chains.prod.webservices.mozgcp.net34.160.144.191A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:28.192269087 CET1.1.1.1192.168.2.70xcacaNo error (0)prod.content-signature-chains.prod.webservices.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:28.805778980 CET1.1.1.1192.168.2.70xd12dNo error (0)shavar.services.mozilla.comshavar.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:29.381922960 CET1.1.1.1192.168.2.70x4e6eNo error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:29.520267963 CET1.1.1.1192.168.2.70x357fNo error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:30.148583889 CET1.1.1.1192.168.2.70xc9b4No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:30.150008917 CET1.1.1.1192.168.2.70xf7c9No error (0)balrog-aus5.r53-2.services.mozilla.comprod.balrog.prod.cloudops.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:30.150008917 CET1.1.1.1192.168.2.70xf7c9No error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:30.150329113 CET1.1.1.1192.168.2.70x72b6No error (0)firefox.settings.services.mozilla.comprod.remote-settings.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:30.150329113 CET1.1.1.1192.168.2.70x72b6No error (0)prod.remote-settings.prod.webservices.mozgcp.net34.149.100.209A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:30.288913965 CET1.1.1.1192.168.2.70xdeacNo error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:30.292218924 CET1.1.1.1192.168.2.70xbd01No error (0)prod.remote-settings.prod.webservices.mozgcp.net34.149.100.209A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:34.809132099 CET1.1.1.1192.168.2.70x7be0No error (0)support.mozilla.orgprod.sumo.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:34.809132099 CET1.1.1.1192.168.2.70x7be0No error (0)prod.sumo.prod.webservices.mozgcp.netus-west1.prod.sumo.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:34.809132099 CET1.1.1.1192.168.2.70x7be0No error (0)us-west1.prod.sumo.prod.webservices.mozgcp.net34.149.128.2A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:34.846622944 CET1.1.1.1192.168.2.70xc90dNo error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:35.055577993 CET1.1.1.1192.168.2.70xeab3No error (0)us-west1.prod.sumo.prod.webservices.mozgcp.net34.149.128.2A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:45.425821066 CET1.1.1.1192.168.2.70x5335No error (0)www.facebook.comstar-mini.c10r.facebook.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:45.425821066 CET1.1.1.1192.168.2.70x5335No error (0)star-mini.c10r.facebook.com157.240.196.35A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:45.426990032 CET1.1.1.1192.168.2.70xf656No error (0)www.wikipedia.orgdyna.wikimedia.orgCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:45.426990032 CET1.1.1.1192.168.2.70xf656No error (0)dyna.wikimedia.org185.15.58.224A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:45.427136898 CET1.1.1.1192.168.2.70x295cNo error (0)www.youtube.comyoutube-ui.l.google.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:45.427136898 CET1.1.1.1192.168.2.70x295cNo error (0)youtube-ui.l.google.com172.217.19.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:45.427136898 CET1.1.1.1192.168.2.70x295cNo error (0)youtube-ui.l.google.com172.217.19.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:45.427136898 CET1.1.1.1192.168.2.70x295cNo error (0)youtube-ui.l.google.com216.58.208.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:45.427136898 CET1.1.1.1192.168.2.70x295cNo error (0)youtube-ui.l.google.com172.217.21.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:45.427136898 CET1.1.1.1192.168.2.70x295cNo error (0)youtube-ui.l.google.com142.250.181.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:45.427136898 CET1.1.1.1192.168.2.70x295cNo error (0)youtube-ui.l.google.com172.217.17.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:45.427136898 CET1.1.1.1192.168.2.70x295cNo error (0)youtube-ui.l.google.com172.217.19.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:45.427136898 CET1.1.1.1192.168.2.70x295cNo error (0)youtube-ui.l.google.com172.217.17.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:45.427136898 CET1.1.1.1192.168.2.70x295cNo error (0)youtube-ui.l.google.com142.250.181.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:45.427136898 CET1.1.1.1192.168.2.70x295cNo error (0)youtube-ui.l.google.com142.250.181.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:45.427136898 CET1.1.1.1192.168.2.70x295cNo error (0)youtube-ui.l.google.com142.250.181.142A (IP address)IN (0x0001)false
• detectportal.firefox.com
Session ID: 0 | Source IP: 192.168.2.7 | Source Port: 49716 | Destination IP: 34.107.221.82 | Destination Port: 80 | PID: 8040 | Process: C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Dec 15, 2024 09:24:26.280606031 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 15, 2024 09:24:27.365000010 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 15 Dec 2024 03:48:09 GMT
Age: 16578
                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                        Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.7 | 49727 | 34.107.221.82 | 80 | 8040 | C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp | Bytes transferred | Direction | Data
Dec 15, 2024 09:24:27.901099920 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 15, 2024 09:24:28.994168043 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sat, 14 Dec 2024 09:34:53 GMT
Age: 82175
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.7 | 49728 | 34.107.221.82 | 80 | 8040 | C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp | Bytes transferred | Direction | Data
Dec 15, 2024 09:24:27.901236057 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 15, 2024 09:24:28.994187117 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 15 Dec 2024 03:48:09 GMT
Age: 16579
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

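The sessions above are all Firefox's own captive-portal probes (success.txt and canonical.html on detectportal.firefox.com), which the browser issues at startup regardless of what the sample does; during triage they should be separated from traffic the sample itself generates. The following is an added example, not code from the Joe Sandbox report: it rebuilds the run-together "Timestamp / Bytes transferred / Direction / Data" rows of a session, pairs each request with its response, and flags requests to known browser background hosts. The noise-host list and the sample input (the rows of session 1 from the report plus one constructed request to example.com) are assumptions made for the example.

```python
"""Added example (not part of the Joe Sandbox report): rebuild the
flattened HTTP exchange rows of a sandbox session and flag requests that
are ordinary browser background traffic rather than sample behaviour."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# One exchange row as the report prints it: timestamp, byte count, direction
# and the first line of the message run together without separators, e.g.
# "Dec 15, 2024 09:24:27.901099920 CET305OUTGET /success.txt?ipv4 HTTP/1.1"
ROW_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} \d{1,2}, \d{4} \d\d:\d\d:\d\d\.\d+ [A-Z]{3,4})"
    r"(?P<bytes>\d+)(?P<dir>IN|OUT)(?P<data>.*)$"
)
REQUEST_LINE_RE = re.compile(r"^(?P<method>[A-Z]+) (?P<path>\S+) HTTP/\d\.\d$")
STATUS_LINE_RE = re.compile(r"^HTTP/\d\.\d (?P<status>\d{3})")

# Hosts a browser contacts on its own (connectivity / captive-portal probes).
# Requests to them say nothing about the sample. This list is an assumption
# for the example; extend it from your own sandbox baseline.
BROWSER_NOISE_HOSTS = {
    "detectportal.firefox.com": "Firefox captive-portal detection",
}


@dataclass
class Exchange:
    timestamp: str
    method: str
    path: str
    request_bytes: int
    headers: dict = field(default_factory=dict)   # request headers, lower-cased names
    status: Optional[int] = None
    response_bytes: int = 0

    @property
    def host(self) -> str:
        return self.headers.get("host", "")

    @property
    def noise_reason(self) -> Optional[str]:
        return BROWSER_NOISE_HOSTS.get(self.host.lower())


def parse_exchanges(lines: List[str]) -> List[Exchange]:
    """Walk the report lines of one session and pair each OUT request line
    with the IN status line that follows it. Header lines between an OUT
    row and the next IN row belong to the request; response headers and
    the Data Raw/Data Ascii lines are skipped."""
    exchanges: List[Exchange] = []
    current: Optional[Exchange] = None
    in_request_headers = False
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if m:
            data = m.group("data")
            if m.group("dir") == "OUT":
                req = REQUEST_LINE_RE.match(data)
                if req is None:
                    continue  # non-HTTP OUT row; not handled in this example
                current = Exchange(m.group("ts"), req.group("method"),
                                   req.group("path"), int(m.group("bytes")))
                exchanges.append(current)
                in_request_headers = True
            else:
                st = STATUS_LINE_RE.match(data)
                if current is not None and st is not None:
                    current.status = int(st.group("status"))
                    current.response_bytes = int(m.group("bytes"))
                in_request_headers = False
            continue
        if in_request_headers and current is not None and ":" in line:
            name, _, value = line.partition(":")
            current.headers[name.strip().lower()] = value.strip()
    return exchanges


def triage(lines: List[str]) -> List[dict]:
    """Summarise each request and mark known browser noise."""
    return [
        {"host": e.host, "path": e.path, "status": e.status,
         "noise": e.noise_reason is not None, "reason": e.noise_reason}
        for e in parse_exchanges(lines)
    ]


# Constructed input: session 1 from the report (indentation removed) followed
# by one made-up request to example.com to show the non-noise path.
SAMPLE_SESSION = """\
Dec 15, 2024 09:24:27.901099920 CET305OUTGET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Connection: keep-alive
Dec 15, 2024 09:24:28.994168043 CET216INHTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Content-Type: text/plain
Data Ascii: success
Dec 15, 2024 09:24:40.000000000 CET120OUTGET /index.html HTTP/1.1
Host: example.com
Dec 15, 2024 09:24:40.500000000 CET150INHTTP/1.1 404 Not Found
""".splitlines()

if __name__ == "__main__":
    for row in triage(SAMPLE_SESSION):
        print(row)
```

Only requests that are not flagged as noise deserve analyst time; in this report every HTTP session shown is the browser's own connectivity check.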

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.7 | 49734 | 34.107.221.82 | 80 | 8040 | C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp | Bytes transferred | Direction | Data
Dec 15, 2024 09:24:29.556502104 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 15, 2024 09:24:30.674601078 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sat, 14 Dec 2024 09:34:53 GMT
Age: 82177
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 15, 2024 09:24:34.691267967 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 15, 2024 09:24:35.005784988 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                        Date: Sat, 14 Dec 2024 09:34:53 GMT
                                                                                                                                                                                                                                                                                                                                                        Age: 82181
                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                        Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                        Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:40.405776024 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:40.720472097 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                        Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                        Date: Sat, 14 Dec 2024 09:34:53 GMT
                                                                                                                                                                                                                                                                                                                                                        Age: 82187
                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                        Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                        Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:43.043320894 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:43.357541084 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                        Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                        Date: Sat, 14 Dec 2024 09:34:53 GMT
                                                                                                                                                                                                                                                                                                                                                        Age: 82190
                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                        Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                        Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:45.290838957 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:45.605525970 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                        Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                        Date: Sat, 14 Dec 2024 09:34:53 GMT
                                                                                                                                                                                                                                                                                                                                                        Age: 82192
                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                        Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                        Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:45.748305082 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:46.064827919 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                        Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sat, 14 Dec 2024 09:34:53 GMT
Age: 82192
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 15, 2024 09:24:46.552191973 CET  305  OUT  GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 15, 2024 09:24:46.868685007 CET  216  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sat, 14 Dec 2024 09:34:53 GMT
Age: 82193
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 15, 2024 09:24:47.354459047 CET  305  OUT  GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 15, 2024 09:24:47.670769930 CET  216  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sat, 14 Dec 2024 09:34:53 GMT
Age: 82194
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 15, 2024 09:24:48.128716946 CET  305  OUT  GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 15, 2024 09:24:48.443269968 CET  216  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sat, 14 Dec 2024 09:34:53 GMT
Age: 82195
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 15, 2024 09:24:54.053925991 CET  305  OUT  GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 15, 2024 09:24:54.368809938 CET  216  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sat, 14 Dec 2024 09:34:53 GMT
Age: 82201
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 15, 2024 09:24:55.058769941 CET  305  OUT  GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 15, 2024 09:24:55.382074118 CET  216  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                        Date: Sat, 14 Dec 2024 09:34:53 GMT
                                                                                                                                                                                                                                                                                                                                                        Age: 82202
                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                        Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                        Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:55.427038908 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:55.741863966 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                        Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                        Date: Sat, 14 Dec 2024 09:34:53 GMT
                                                                                                                                                                                                                                                                                                                                                        Age: 82202
                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                        Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                        Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:05.756731033 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                        Data Ascii:
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:15.887003899 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                        Data Ascii:
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:16.948587894 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:17.263443947 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                        Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                        Date: Sat, 14 Dec 2024 09:34:53 GMT
                                                                                                                                                                                                                                                                                                                                                        Age: 82224
                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                        Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                        Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:24.294553995 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:24.608757019 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                        Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                        Date: Sat, 14 Dec 2024 09:34:53 GMT
                                                                                                                                                                                                                                                                                                                                                        Age: 82231
                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                        Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                        Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:25.524837017 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
    Connection: keep-alive
    Pragma: no-cache
    Cache-Control: no-cache
Dec 15, 2024 09:25:25.839647055 CET | 216 | IN | HTTP/1.1 200 OK
    Server: nginx
    Content-Length: 8
    Via: 1.1 google
    Date: Sat, 14 Dec 2024 09:34:53 GMT
    Age: 82232
    Content-Type: text/plain
    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
    Data Raw: 73 75 63 63 65 73 73 0a
    Data Ascii: success
Dec 15, 2024 09:25:35.843178034 CET | 6 | OUT | Data Raw: 00
    Data Ascii:
Dec 15, 2024 09:25:45.976540089 CET | 6 | OUT | Data Raw: 00
    Data Ascii:
Dec 15, 2024 09:25:56.104929924 CET | 6 | OUT | Data Raw: 00
    Data Ascii:
Dec 15, 2024 09:25:58.629441023 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
    Host: detectportal.firefox.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Connection: keep-alive
    Pragma: no-cache
    Cache-Control: no-cache
Dec 15, 2024 09:25:58.944097996 CET | 216 | IN | HTTP/1.1 200 OK
    Server: nginx
    Content-Length: 8
    Via: 1.1 google
    Date: Sat, 14 Dec 2024 09:34:53 GMT
    Age: 82265
    Content-Type: text/plain
    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
    Data Raw: 73 75 63 63 65 73 73 0a
    Data Ascii: success
Dec 15, 2024 09:26:08.957663059 CET | 6 | OUT | Data Raw: 00
    Data Ascii:
Dec 15, 2024 09:26:19.087866068 CET | 6 | OUT | Data Raw: 00
    Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.7 | 49735 | 34.107.221.82 | 80 | 8040 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Dec 15, 2024 09:24:29.559365034 CET | 303 | OUT | GET /canonical.html HTTP/1.1
    Host: detectportal.firefox.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Cache-Control: no-cache
    Pragma: no-cache
    Connection: keep-alive
Dec 15, 2024 09:24:30.674886942 CET | 298 | IN | HTTP/1.1 200 OK
    Server: nginx
    Content-Length: 90
    Via: 1.1 google
    Date: Sun, 15 Dec 2024 03:48:09 GMT
    Age: 16581
    Content-Type: text/html
    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 15, 2024 09:24:34.692590952 CET | 303 | OUT | GET /canonical.html HTTP/1.1
    Host: detectportal.firefox.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Cache-Control: no-cache
    Pragma: no-cache
    Connection: keep-alive
Dec 15, 2024 09:24:35.007380962 CET | 298 | IN | HTTP/1.1 200 OK
    Server: nginx
    Content-Length: 90
    Via: 1.1 google
    Date: Sun, 15 Dec 2024 03:48:09 GMT
    Age: 16585
    Content-Type: text/html
    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 15, 2024 09:24:40.412460089 CET | 303 | OUT | GET /canonical.html HTTP/1.1
    Host: detectportal.firefox.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Cache-Control: no-cache
    Pragma: no-cache
    Connection: keep-alive
Dec 15, 2024 09:24:40.727330923 CET | 298 | IN | HTTP/1.1 200 OK
    Server: nginx
    Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                        Date: Sun, 15 Dec 2024 03:48:09 GMT
                                                                                                                                                                                                                                                                                                                                                        Age: 16591
                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                        Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:43.054037094 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:43.368772984 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                        Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                        Date: Sun, 15 Dec 2024 03:48:09 GMT
                                                                                                                                                                                                                                                                                                                                                        Age: 16594
                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                        Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:45.294811964 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:45.609766006 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                        Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                        Date: Sun, 15 Dec 2024 03:48:09 GMT
                                                                                                                                                                                                                                                                                                                                                        Age: 16596
                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                        Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:45.748516083 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:46.064704895 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                        Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                        Date: Sun, 15 Dec 2024 03:48:09 GMT
                                                                                                                                                                                                                                                                                                                                                        Age: 16596
                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                        Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:24:46.556137085 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 15, 2024 09:24:46.872193098 CET  298 IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 15 Dec 2024 03:48:09 GMT
Age: 16597
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 15, 2024 09:24:47.810199976 CET  303 OUT  GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 15, 2024 09:24:48.125303984 CET  298 IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 15 Dec 2024 03:48:09 GMT
Age: 16598
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 15, 2024 09:24:53.733805895 CET  303 OUT  GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 15, 2024 09:24:54.048619032 CET  298 IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 15 Dec 2024 03:48:09 GMT
Age: 16604
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 15, 2024 09:24:54.738425970 CET  303 OUT  GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 15, 2024 09:24:55.053250074 CET  298 IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 15 Dec 2024 03:48:09 GMT
Age: 16605
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 15, 2024 09:24:55.106985092 CET  303 OUT  GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 15, 2024 09:24:55.422507048 CET  298 IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 15 Dec 2024 03:48:09 GMT
Age: 16606
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 15, 2024 09:25:05.424565077 CET  6 OUT  Data Raw: 00
Data Ascii:
Dec 15, 2024 09:25:15.554863930 CET  6 OUT  Data Raw: 00
Data Ascii:
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:16.618947983 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:16.935262918 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                        Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                        Date: Sun, 15 Dec 2024 03:48:09 GMT
                                                                                                                                                                                                                                                                                                                                                        Age: 16627
                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                        Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:23.975399971 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:24.290692091 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                        Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                        Date: Sun, 15 Dec 2024 03:48:09 GMT
                                                                                                                                                                                                                                                                                                                                                        Age: 16635
                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                        Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:25.206293106 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:25.521392107 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                        Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                        Date: Sun, 15 Dec 2024 03:48:09 GMT
                                                                                                                                                                                                                                                                                                                                                        Age: 16636
                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                        Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:35.526628017 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                        Data Ascii:
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:45.653458118 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                        Data Ascii:
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:55.781912088 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                        Data Ascii:
                                                                                                                                                                                                                                                                                                                                                        Dec 15, 2024 09:25:58.307996988 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                        Connection: keep-alive
Dec 15, 2024 09:25:58.625088930 CET  298  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 15 Dec 2024 03:48:09 GMT
Age: 16669
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 15, 2024 09:26:08.643599987 CET  6  OUT  Data Raw: 00
Data Ascii:
Dec 15, 2024 09:26:18.771251917 CET  6  OUT  Data Raw: 00
Data Ascii:
Target ID: 0
Start time: 03:24:15
Start date: 15/12/2024
Path: C:\Users\user\Desktop\nmy4mJXEaz.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\nmy4mJXEaz.exe"
Imagebase: 0x8b0000
File size: 972'800 bytes
MD5 hash: E9F4F5B56FEA82ED8A63D8D31A25F17D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

Target ID: 2
Start time: 03:24:16
Start date: 15/12/2024
Path: C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit): true
Commandline: taskkill /F /IM firefox.exe /T
Imagebase: 0x8f0000
File size: 74'240 bytes
MD5 hash: CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 3
Start time: 03:24:16
Start date: 15/12/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff75da10000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 5
Start time: 03:24:18
Start date: 15/12/2024
Path: C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit): true
Commandline: taskkill /F /IM chrome.exe /T
Imagebase: 0x8f0000
File size: 74'240 bytes
MD5 hash: CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 6
Start time: 03:24:18
Start date: 15/12/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff75da10000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 7
Start time: 03:24:19
Start date: 15/12/2024
Path: C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit): true
Commandline: taskkill /F /IM msedge.exe /T
Imagebase: 0x8f0000
File size: 74'240 bytes
MD5 hash: CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges: true
                                                                                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                                                                                        Target ID:8
                                                                                                                                                                                                                                                                                                                                                        Start time:03:24:19
                                                                                                                                                                                                                                                                                                                                                        Start date:15/12/2024
                                                                                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                        Imagebase:0x7ff75da10000
                                                                                                                                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                                                                                        Target ID:9
                                                                                                                                                                                                                                                                                                                                                        Start time:03:24:19
                                                                                                                                                                                                                                                                                                                                                        Start date:15/12/2024
                                                                                                                                                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                        Commandline:taskkill /F /IM opera.exe /T
                                                                                                                                                                                                                                                                                                                                                        Imagebase:0x8f0000
                                                                                                                                                                                                                                                                                                                                                        File size:74'240 bytes
                                                                                                                                                                                                                                                                                                                                                        MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                                                                                        Target ID:10
                                                                                                                                                                                                                                                                                                                                                        Start time:03:24:19
                                                                                                                                                                                                                                                                                                                                                        Start date:15/12/2024
                                                                                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                        Imagebase:0x7ff75da10000
                                                                                                                                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                                                                                        Target ID:11
                                                                                                                                                                                                                                                                                                                                                        Start time:03:24:19
                                                                                                                                                                                                                                                                                                                                                        Start date:15/12/2024
                                                                                                                                                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                        Commandline:taskkill /F /IM brave.exe /T
                                                                                                                                                                                                                                                                                                                                                        Imagebase:0x8f0000
                                                                                                                                                                                                                                                                                                                                                        File size:74'240 bytes
                                                                                                                                                                                                                                                                                                                                                        MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                                                                                        Target ID:12
                                                                                                                                                                                                                                                                                                                                                        Start time:03:24:19
                                                                                                                                                                                                                                                                                                                                                        Start date:15/12/2024
                                                                                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                        Imagebase:0x7ff75da10000
                                                                                                                                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                                                                                        Target ID:13
Start time: 03:24:19
Start date: 15/12/2024
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Imagebase: 0x7ff722870000
File size: 676'768 bytes
MD5 hash: C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 14
Start time: 03:24:19
Start date: 15/12/2024
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
Imagebase: 0x7ff722870000
File size: 676'768 bytes
MD5 hash: C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Has exited: true

Target ID: 15
Start time: 03:24:19
Start date: 15/12/2024
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Imagebase: 0x7ff722870000
File size: 676'768 bytes
MD5 hash: C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Has exited: false

Target ID: 17
Start time: 03:24:21
Start date: 15/12/2024
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2276 -parentBuildID 20230927232528 -prefsHandle 2212 -prefMapHandle 2196 -prefsLen 25302 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a88f283e-260f-41c2-8125-1c83f1c927d6} 8040 "\\.\pipe\gecko-crash-server-pipe.8040" 1775f570310 socket
Imagebase: 0x7ff722870000
File size: 676'768 bytes
MD5 hash: C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Has exited: false

Target ID: 19
Start time: 03:24:23
Start date: 15/12/2024
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4032 -parentBuildID 20230927232528 -prefsHandle 3304 -prefMapHandle 2148 -prefsLen 26317 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3434a4e1-a5d0-4ddf-b0a9-4b5eaa32d90a} 8040 "\\.\pipe\gecko-crash-server-pipe.8040" 1775f543e10 rdd
Imagebase: 0x7ff722870000
File size: 676'768 bytes
MD5 hash: C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Has exited: false

Target ID: 20
Start time: 03:24:29
Start date: 15/12/2024
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5204 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5196 -prefMapHandle 5192 -prefsLen 33185 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {89d3bde1-2b74-4e03-89ad-74b30b45474d} 8040 "\\.\pipe\gecko-crash-server-pipe.8040" 17770a46110 utility
Imagebase: 0x7ff722870000
File size: 676'768 bytes
MD5 hash: C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Has exited: false

Execution Graph

Execution Coverage: 2.6%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 4.2%
Total number of Nodes: 1772
Total number of Limit Nodes: 62
execution_graph: [node/edge dump of the interactive execution graph omitted; the graph nodes reference the API calls IsWindow, RegOpenKeyExW, RegQueryValueExW, RegCloseKey, WSAStartup, gethostname, gethostbyname, inet_ntoa, WSACleanup, MultiByteToWideChar, RtlAllocateHeap, RaiseException, CreateFileW, GetFileType, GetLastError, CloseHandle, EnterCriticalSection and LeaveCriticalSection]
96371 8e86be 96371->96370 96373 8e53c4 __wsopen_s 26 API calls 96371->96373 96382 8e86f6 96371->96382 96375 8e86ed 96373->96375 96374 8e53c4 __wsopen_s 26 API calls 96376 8e8702 CloseHandle 96374->96376 96379 8e53c4 __wsopen_s 26 API calls 96375->96379 96376->96370 96380 8e870e GetLastError 96376->96380 96377 8e871c 96378 8e873e 96377->96378 96445 8df2a3 20 API calls __dosmaperr 96377->96445 96378->96289 96379->96382 96380->96370 96382->96370 96382->96374 96383->96316 96384->96319 96385->96321 96387 8f03d7 96386->96387 96388 8f03f2 96387->96388 96399 8df2d9 20 API calls __dosmaperr 96387->96399 96388->96332 96390 8f0416 96400 8e27ec 26 API calls pre_c_initialization 96390->96400 96392 8f0421 96392->96332 96393->96330 96394->96326 96395->96337 96396->96333 96397->96336 96398->96341 96399->96390 96400->96392 96401->96352 96413 8e2fa6 LeaveCriticalSection 96402->96413 96404 8e5331 96404->96350 96414 8e4c7d 96405->96414 96407 8e501f 96422 8e29c8 96407->96422 96409 8e5012 96409->96407 96421 8e3405 11 API calls 2 library calls 96409->96421 96410 8e5071 96410->96346 96412 8e5147 EnterCriticalSection 96410->96412 96412->96346 96413->96404 96420 8e4c8a __dosmaperr 96414->96420 96415 8e4cca 96429 8df2d9 20 API calls __dosmaperr 96415->96429 96416 8e4cb5 RtlAllocateHeap 96418 8e4cc8 96416->96418 96416->96420 96418->96409 96420->96415 96420->96416 96428 8d4ead 7 API calls 2 library calls 96420->96428 96421->96409 96423 8e29d3 RtlFreeHeap 96422->96423 96424 8e29fc __dosmaperr 96422->96424 96423->96424 96425 8e29e8 96423->96425 96424->96410 96430 8df2d9 20 API calls __dosmaperr 96425->96430 96427 8e29ee GetLastError 96427->96424 96428->96420 96429->96418 96430->96427 96432 8e53e6 96431->96432 96433 8e53d1 96431->96433 96438 8e540b 96432->96438 96448 8df2c6 20 API calls __dosmaperr 96432->96448 96446 8df2c6 20 API calls __dosmaperr 96433->96446 96435 8e53d6 96447 8df2d9 20 API calls __dosmaperr 96435->96447 96438->96371 96439 8e5416 96449 8df2d9 20 API calls __dosmaperr 
96439->96449 96440 8e53de 96440->96371 96442 8e541e 96450 8e27ec 26 API calls pre_c_initialization 96442->96450 96444->96377 96445->96378 96446->96435 96447->96440 96448->96439 96449->96442 96450->96440 96451 8f2402 96454 8b1410 96451->96454 96455 8b144f mciSendStringW 96454->96455 96456 8f24b8 DestroyWindow 96454->96456 96457 8b146b 96455->96457 96458 8b16c6 96455->96458 96468 8f24c4 96456->96468 96459 8b1479 96457->96459 96457->96468 96458->96457 96460 8b16d5 UnregisterHotKey 96458->96460 96487 8b182e 96459->96487 96460->96458 96462 8f24d8 96462->96468 96493 8b6246 CloseHandle 96462->96493 96463 8f24e2 FindClose 96463->96468 96465 8f2509 96469 8f252d 96465->96469 96470 8f251c FreeLibrary 96465->96470 96467 8b148e 96467->96469 96475 8b149c 96467->96475 96468->96462 96468->96463 96468->96465 96471 8f2541 VirtualFree 96469->96471 96476 8b1509 96469->96476 96470->96465 96471->96469 96472 8b14f8 CoUninitialize 96472->96476 96473 8f2589 96480 8f2598 messages 96473->96480 96494 9232eb 6 API calls messages 96473->96494 96475->96472 96476->96473 96477 8b1514 96476->96477 96491 8b1944 VirtualFreeEx CloseHandle 96477->96491 96479 8b153a 96479->96480 96482 8b161f 96479->96482 96483 8f2627 96480->96483 96495 9164d4 22 API calls messages 96480->96495 96482->96483 96484 8b166d 96482->96484 96483->96483 96484->96483 96492 8b1876 CloseHandle InternetCloseHandle InternetCloseHandle WaitForSingleObject 96484->96492 96486 8b16c1 96488 8b183b 96487->96488 96489 8b1480 96488->96489 96496 91702a 22 API calls 96488->96496 96489->96465 96489->96467 96491->96479 96492->96486 96493->96462 96494->96473 96495->96480 96496->96488 96497 8b1044 96502 8b10f3 96497->96502 96499 8b104a 96538 8d00a3 29 API calls __onexit 96499->96538 96501 8b1054 96539 8b1398 96502->96539 96506 8b116a 96549 8ba961 96506->96549 96509 8ba961 22 API calls 96510 8b117e 96509->96510 96511 8ba961 22 API calls 96510->96511 96512 8b1188 96511->96512 96513 8ba961 22 API calls 96512->96513 96514 8b11c6 96513->96514 96515 
8ba961 22 API calls 96514->96515 96516 8b1292 96515->96516 96554 8b171c 96516->96554 96520 8b12c4 96521 8ba961 22 API calls 96520->96521 96522 8b12ce 96521->96522 96575 8c1940 96522->96575 96524 8b12f9 96585 8b1aab 96524->96585 96526 8b1315 96527 8b1325 GetStdHandle 96526->96527 96528 8b137a 96527->96528 96529 8f2485 96527->96529 96532 8b1387 OleInitialize 96528->96532 96529->96528 96530 8f248e 96529->96530 96592 8cfddb 96530->96592 96532->96499 96533 8f2495 96602 92011d InitializeCriticalSectionAndSpinCount InterlockedExchange GetCurrentProcess GetCurrentProcess DuplicateHandle 96533->96602 96535 8f249e 96603 920944 CreateThread 96535->96603 96537 8f24aa CloseHandle 96537->96528 96538->96501 96604 8b13f1 96539->96604 96542 8b13f1 22 API calls 96543 8b13d0 96542->96543 96544 8ba961 22 API calls 96543->96544 96545 8b13dc 96544->96545 96611 8b6b57 96545->96611 96547 8b1129 96548 8b1bc3 6 API calls 96547->96548 96548->96506 96550 8cfe0b 22 API calls 96549->96550 96551 8ba976 96550->96551 96552 8cfddb 22 API calls 96551->96552 96553 8b1174 96552->96553 96553->96509 96555 8ba961 22 API calls 96554->96555 96556 8b172c 96555->96556 96557 8ba961 22 API calls 96556->96557 96558 8b1734 96557->96558 96559 8ba961 22 API calls 96558->96559 96560 8b174f 96559->96560 96561 8cfddb 22 API calls 96560->96561 96562 8b129c 96561->96562 96563 8b1b4a 96562->96563 96564 8b1b58 96563->96564 96565 8ba961 22 API calls 96564->96565 96566 8b1b63 96565->96566 96567 8ba961 22 API calls 96566->96567 96568 8b1b6e 96567->96568 96569 8ba961 22 API calls 96568->96569 96570 8b1b79 96569->96570 96571 8ba961 22 API calls 96570->96571 96572 8b1b84 96571->96572 96573 8cfddb 22 API calls 96572->96573 96574 8b1b96 RegisterWindowMessageW 96573->96574 96574->96520 96576 8c195d 96575->96576 96577 8c1981 96575->96577 96584 8c196e 96576->96584 96636 8d0242 5 API calls __Init_thread_wait 96576->96636 96634 8d0242 5 API calls __Init_thread_wait 96577->96634 96579 8c198b 96579->96576 96635 8d01f8 
EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96579->96635 96581 8c8727 96581->96584 96637 8d01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96581->96637 96584->96524 96586 8b1abb 96585->96586 96587 8f272d 96585->96587 96588 8cfddb 22 API calls 96586->96588 96638 923209 23 API calls 96587->96638 96590 8b1ac3 96588->96590 96590->96526 96591 8f2738 96595 8cfde0 96592->96595 96593 8dea0c ___std_exception_copy 21 API calls 96593->96595 96594 8cfdfa 96594->96533 96595->96593 96595->96594 96598 8cfdfc 96595->96598 96639 8d4ead 7 API calls 2 library calls 96595->96639 96597 8d066d 96641 8d32a4 RaiseException 96597->96641 96598->96597 96640 8d32a4 RaiseException 96598->96640 96601 8d068a 96601->96533 96602->96535 96603->96537 96642 92092a 28 API calls 96603->96642 96605 8ba961 22 API calls 96604->96605 96606 8b13fc 96605->96606 96607 8ba961 22 API calls 96606->96607 96608 8b1404 96607->96608 96609 8ba961 22 API calls 96608->96609 96610 8b13c6 96609->96610 96610->96542 96612 8b6b67 _wcslen 96611->96612 96613 8f4ba1 96611->96613 96616 8b6b7d 96612->96616 96617 8b6ba2 96612->96617 96624 8b93b2 96613->96624 96615 8f4baa 96615->96615 96623 8b6f34 22 API calls 96616->96623 96618 8cfddb 22 API calls 96617->96618 96620 8b6bae 96618->96620 96622 8cfe0b 22 API calls 96620->96622 96621 8b6b85 __fread_nolock 96621->96547 96622->96621 96623->96621 96625 8b93c0 96624->96625 96627 8b93c9 __fread_nolock 96624->96627 96625->96627 96628 8baec9 96625->96628 96627->96615 96629 8baed9 __fread_nolock 96628->96629 96630 8baedc 96628->96630 96629->96627 96631 8cfddb 22 API calls 96630->96631 96632 8baee7 96631->96632 96633 8cfe0b 22 API calls 96632->96633 96633->96629 96634->96579 96635->96576 96636->96581 96637->96584 96638->96591 96639->96595 96640->96597 96641->96601 96643 90d79f 96644 8b3b1c 3 API calls 96643->96644 96645 90d7bf 96644->96645 96648 8b9c6e 22 API calls 96645->96648 96647 90d7ef 96647->96647 96648->96647 96649 90d35f 96650 90d30c 96649->96650 
96653 91df27 SHGetFolderPathW 96650->96653 96654 8b6b57 22 API calls 96653->96654 96655 90d315 96654->96655 96656 902a00 96672 8bd7b0 messages 96656->96672 96657 8bdb11 PeekMessageW 96657->96672 96658 8bd807 GetInputState 96658->96657 96658->96672 96659 901cbe TranslateAcceleratorW 96659->96672 96661 8bdb8f PeekMessageW 96661->96672 96662 8bda04 timeGetTime 96662->96672 96663 8bdb73 TranslateMessage DispatchMessageW 96663->96661 96664 8bdbaf Sleep 96664->96672 96665 902b74 Sleep 96678 902a51 96665->96678 96667 901dda timeGetTime 96844 8ce300 23 API calls 96667->96844 96671 902c0b GetExitCodeProcess 96676 902c21 WaitForSingleObject 96671->96676 96677 902c37 CloseHandle 96671->96677 96672->96657 96672->96658 96672->96659 96672->96661 96672->96662 96672->96663 96672->96664 96672->96665 96672->96667 96675 8bd9d5 96672->96675 96672->96678 96688 8bdd50 96672->96688 96695 8bdfd0 96672->96695 96723 8bbf40 96672->96723 96781 8cedf6 96672->96781 96786 8c1310 96672->96786 96843 8ce551 timeGetTime 96672->96843 96845 923a2a 23 API calls 96672->96845 96846 8bec40 96672->96846 96870 92359c 82 API calls __wsopen_s 96672->96870 96673 9429bf GetForegroundWindow 96673->96678 96676->96672 96676->96677 96677->96678 96678->96671 96678->96672 96678->96673 96678->96675 96679 902ca9 Sleep 96678->96679 96871 935658 23 API calls 96678->96871 96872 91e97b QueryPerformanceCounter QueryPerformanceFrequency Sleep QueryPerformanceCounter Sleep 96678->96872 96873 8ce551 timeGetTime 96678->96873 96874 91d4dc CreateToolhelp32Snapshot Process32FirstW 96678->96874 96679->96672 96689 8bdd6f 96688->96689 96690 8bdd83 96688->96690 96884 8bd260 96689->96884 96916 92359c 82 API calls __wsopen_s 96690->96916 96693 8bdd7a 96693->96672 96694 902f75 96694->96694 96698 8be010 96695->96698 96696 902f7a 96697 8bec40 348 API calls 96696->96697 96699 902f8c 96697->96699 96698->96696 96700 8be075 96698->96700 96713 8be0dc messages 96699->96713 96929 92359c 82 API calls __wsopen_s 96699->96929 96700->96713 96930 
8d0242 5 API calls __Init_thread_wait 96700->96930 96704 8be3e1 96704->96672 96705 902fca 96707 8ba961 22 API calls 96705->96707 96705->96713 96706 8ba961 22 API calls 96706->96713 96710 902fe4 96707->96710 96931 8d00a3 29 API calls __onexit 96710->96931 96712 902fee 96932 8d01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96712->96932 96713->96704 96713->96706 96716 8bec40 348 API calls 96713->96716 96719 8c04f0 22 API calls 96713->96719 96720 92359c 82 API calls 96713->96720 96926 8ba8c7 22 API calls __fread_nolock 96713->96926 96927 8ba81b 41 API calls 96713->96927 96928 8ca308 348 API calls 96713->96928 96933 8d0242 5 API calls __Init_thread_wait 96713->96933 96934 8d00a3 29 API calls __onexit 96713->96934 96935 8d01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96713->96935 96936 9347d4 348 API calls 96713->96936 96937 9368c1 348 API calls 96713->96937 96716->96713 96719->96713 96720->96713 96938 8badf0 96723->96938 96725 8bbf9d 96726 8bbfa9 96725->96726 96727 9004b6 96725->96727 96729 8bc01e 96726->96729 96730 9004c6 96726->96730 96970 92359c 82 API calls __wsopen_s 96727->96970 96943 8bac91 96729->96943 96971 92359c 82 API calls __wsopen_s 96730->96971 96734 917120 22 API calls 96778 8bc039 __fread_nolock messages 96734->96778 96735 8bc7da 96738 8cfe0b 22 API calls 96735->96738 96744 8bc808 __fread_nolock 96738->96744 96740 9004f5 96745 90055a 96740->96745 96972 8cd217 348 API calls 96740->96972 96743 8cfddb 22 API calls 96743->96778 96746 8cfe0b 22 API calls 96744->96746 96767 8bc603 96745->96767 96973 92359c 82 API calls __wsopen_s 96745->96973 96779 8bc350 __fread_nolock messages 96746->96779 96747 8baf8a 22 API calls 96747->96778 96748 90091a 96982 923209 23 API calls 96748->96982 96751 8bec40 348 API calls 96751->96778 96752 9008a5 96753 8bec40 348 API calls 96752->96753 96754 9008cf 96753->96754 96754->96767 96980 8ba81b 41 API calls 96754->96980 96756 900591 96974 92359c 82 API calls __wsopen_s 96756->96974 96760 
9008f6 96981 92359c 82 API calls __wsopen_s 96760->96981 96762 8bc237 96764 8bc253 96762->96764 96983 8ba8c7 22 API calls __fread_nolock 96762->96983 96763 8baceb 23 API calls 96763->96778 96769 900976 96764->96769 96772 8bc297 messages 96764->96772 96765 8cfe0b 22 API calls 96765->96778 96767->96672 96770 8baceb 23 API calls 96769->96770 96771 9009bf 96770->96771 96771->96767 96984 92359c 82 API calls __wsopen_s 96771->96984 96772->96771 96954 8baceb 96772->96954 96774 8bc335 96774->96771 96775 8bc342 96774->96775 96964 8ba704 22 API calls messages 96775->96964 96776 8bbbe0 40 API calls 96776->96778 96778->96734 96778->96735 96778->96740 96778->96743 96778->96744 96778->96745 96778->96747 96778->96748 96778->96751 96778->96752 96778->96756 96778->96760 96778->96762 96778->96763 96778->96765 96778->96767 96778->96771 96778->96776 96947 8bad81 96778->96947 96975 917099 22 API calls __fread_nolock 96778->96975 96976 935745 54 API calls _wcslen 96778->96976 96977 8caa42 22 API calls messages 96778->96977 96978 91f05c 40 API calls 96778->96978 96979 8ba993 41 API calls 96778->96979 96780 8bc3ac 96779->96780 96965 8cce17 96779->96965 96780->96672 96782 8cee09 96781->96782 96783 8cee12 96781->96783 96782->96672 96783->96782 96784 8cee36 IsDialogMessageW 96783->96784 96785 90efaf GetClassLongW 96783->96785 96784->96782 96784->96783 96785->96783 96785->96784 96787 8c1376 96786->96787 96788 8c17b0 96786->96788 96790 906331 96787->96790 96791 8c1390 96787->96791 97035 8d0242 5 API calls __Init_thread_wait 96788->97035 97045 93709c 348 API calls 96790->97045 96792 8c1940 9 API calls 96791->96792 96795 8c13a0 96792->96795 96794 8c17ba 96797 8c17fb 96794->96797 97036 8b9cb3 96794->97036 96798 8c1940 9 API calls 96795->96798 96796 90633d 96796->96672 96801 906346 96797->96801 96803 8c182c 96797->96803 96800 8c13b6 96798->96800 96800->96797 96802 8c13ec 96800->96802 97046 92359c 82 API calls __wsopen_s 96801->97046 96802->96801 96826 8c1408 __fread_nolock 96802->96826 96804 
8baceb 23 API calls 96803->96804 96806 8c1839 96804->96806 97043 8cd217 348 API calls 96806->97043 96807 8c17d4 97042 8d01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96807->97042 96810 90636e 97047 92359c 82 API calls __wsopen_s 96810->97047 96811 8c152f 96813 8c153c 96811->96813 96814 9063d1 96811->96814 96815 8c1940 9 API calls 96813->96815 97049 935745 54 API calls _wcslen 96814->97049 96817 8c1549 96815->96817 96820 9064fa 96817->96820 96822 8c1940 9 API calls 96817->96822 96818 8cfddb 22 API calls 96818->96826 96819 8cfe0b 22 API calls 96819->96826 96830 906369 96820->96830 97051 92359c 82 API calls __wsopen_s 96820->97051 96821 8c1872 97044 8cfaeb 23 API calls 96821->97044 96828 8c1563 96822->96828 96825 8bec40 348 API calls 96825->96826 96826->96806 96826->96810 96826->96811 96826->96818 96826->96819 96826->96825 96827 9063b2 96826->96827 96826->96830 97048 92359c 82 API calls __wsopen_s 96827->97048 96828->96820 96833 8c15c7 messages 96828->96833 97050 8ba8c7 22 API calls __fread_nolock 96828->97050 96830->96672 96832 8c1940 9 API calls 96832->96833 96833->96820 96833->96821 96833->96830 96833->96832 96835 8c167b messages 96833->96835 97007 941591 96833->97007 97010 8cf645 96833->97010 97017 93ab67 96833->97017 97020 93abf7 96833->97020 97025 93a2ea 96833->97025 97030 925c5a 96833->97030 96834 8c171d 96834->96672 96835->96834 96836 8cce17 22 API calls 96835->96836 96836->96835 96843->96672 96844->96672 96845->96672 96868 8bec76 messages 96846->96868 96847 8d01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 96847->96868 96848 8cfddb 22 API calls 96848->96868 96849 8bfef7 96863 8bed9d messages 96849->96863 97286 8ba8c7 22 API calls __fread_nolock 96849->97286 96852 904600 96852->96863 97285 8ba8c7 22 API calls __fread_nolock 96852->97285 96853 904b0b 97288 92359c 82 API calls __wsopen_s 96853->97288 96854 8ba8c7 22 API calls 96854->96868 96858 8d0242 EnterCriticalSection LeaveCriticalSection 
LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 96858->96868 96861 8bfbe3 96861->96863 96864 904bdc 96861->96864 96869 8bf3ae messages 96861->96869 96862 8ba961 22 API calls 96862->96868 96863->96672 97289 92359c 82 API calls __wsopen_s 96864->97289 96865 8d00a3 29 API calls pre_c_initialization 96865->96868 96867 904beb 97290 92359c 82 API calls __wsopen_s 96867->97290 96868->96847 96868->96848 96868->96849 96868->96852 96868->96853 96868->96854 96868->96858 96868->96861 96868->96862 96868->96863 96868->96865 96868->96867 96868->96869 97223 8c01e0 96868->97223 97284 8c06a0 41 API calls messages 96868->97284 96869->96863 97287 92359c 82 API calls __wsopen_s 96869->97287 96870->96672 96871->96678 96872->96678 96873->96678 97321 91def7 96874->97321 96876 91d529 Process32NextW 96877 91d5db CloseHandle 96876->96877 96882 91d522 96876->96882 96877->96678 96878 8ba961 22 API calls 96878->96882 96879 8b9cb3 22 API calls 96879->96882 96882->96876 96882->96877 96882->96878 96882->96879 97327 8b525f 22 API calls 96882->97327 97328 8b6350 22 API calls 96882->97328 97329 8cce60 41 API calls 96882->97329 96885 8bec40 348 API calls 96884->96885 96888 8bd29d 96885->96888 96886 8bd6d5 96889 8bd30b messages 96886->96889 96900 8cfe0b 22 API calls 96886->96900 96888->96886 96888->96889 96890 8bd3c3 96888->96890 96895 8bd4b8 96888->96895 96899 8cfddb 22 API calls 96888->96899 96902 901bc4 96888->96902 96911 8bd429 __fread_nolock messages 96888->96911 96889->96693 96890->96886 96892 8bd3ce 96890->96892 96891 8bd5ff 96893 901bb5 96891->96893 96894 8bd614 96891->96894 96896 8cfddb 22 API calls 96892->96896 96924 935705 23 API calls 96893->96924 96898 8cfddb 22 API calls 96894->96898 96901 8cfe0b 22 API calls 96895->96901 96905 8bd3d5 __fread_nolock 96896->96905 96908 8bd46a 96898->96908 96899->96888 96900->96905 96901->96911 96925 92359c 82 API calls __wsopen_s 96902->96925 96903 8cfddb 22 API calls 96904 8bd3f6 96903->96904 96904->96911 96917 8bbec0 348 API calls 
96904->96917 96905->96903 96905->96904 96907 901ba4 96923 92359c 82 API calls __wsopen_s 96907->96923 96908->96693 96911->96891 96911->96907 96911->96908 96912 901b7f 96911->96912 96914 901b5d 96911->96914 96918 8b1f6f 96911->96918 96922 92359c 82 API calls __wsopen_s 96912->96922 96921 92359c 82 API calls __wsopen_s 96914->96921 96916->96694 96917->96911 96919 8bec40 348 API calls 96918->96919 96920 8b1f98 96919->96920 96920->96911 96921->96908 96922->96908 96923->96908 96924->96902 96925->96889 96926->96713 96927->96713 96928->96713 96929->96713 96930->96705 96931->96712 96932->96713 96933->96713 96934->96713 96935->96713 96936->96713 96937->96713 96939 8bae01 96938->96939 96942 8bae1c messages 96938->96942 96940 8baec9 22 API calls 96939->96940 96941 8bae09 CharUpperBuffW 96940->96941 96941->96942 96942->96725 96944 8bacae 96943->96944 96945 8bacd1 96944->96945 96985 92359c 82 API calls __wsopen_s 96944->96985 96945->96778 96948 8ffadb 96947->96948 96949 8bad92 96947->96949 96950 8cfddb 22 API calls 96949->96950 96951 8bad99 96950->96951 96986 8badcd 96951->96986 96955 8bacf9 96954->96955 96957 8bad2a messages 96954->96957 96956 8bad55 96955->96956 96959 8bad01 messages 96955->96959 96956->96957 96994 8ba8c7 22 API calls __fread_nolock 96956->96994 96957->96774 96959->96957 96960 8ffa48 96959->96960 96961 8bad21 96959->96961 96960->96957 96963 8cce17 22 API calls 96960->96963 96961->96957 96962 8ffa3a VariantClear 96961->96962 96962->96957 96963->96957 96964->96779 96966 8cce1f 96965->96966 96967 8cce43 96966->96967 96995 8bb010 96966->96995 96967->96779 96969 8cce2a messages 96969->96779 96970->96730 96971->96767 96972->96745 96973->96767 96974->96767 96975->96778 96976->96778 96977->96778 96978->96778 96979->96778 96980->96760 96981->96767 96982->96762 96983->96764 96984->96767 96985->96945 96990 8baddd 96986->96990 96987 8badb6 96987->96778 96988 8cfddb 22 API calls 96988->96990 96989 8ba961 22 API calls 96989->96990 96990->96987 96990->96988 96990->96989 
96992 8badcd 22 API calls 96990->96992 96993 8ba8c7 22 API calls __fread_nolock 96990->96993 96992->96990 96993->96990 96994->96957 96996 8bb01b 96995->96996 96997 8ffb4d 96996->96997 97002 8bb023 messages 96996->97002 96998 8cfddb 22 API calls 96997->96998 96999 8ffb59 96998->96999 97001 8bb02a 97001->96969 97002->97001 97003 8bb090 97002->97003 97005 8bb09b messages 97003->97005 97004 8bb0d6 messages 97004->97002 97005->97004 97006 8cce17 22 API calls 97005->97006 97006->97004 97052 942ad8 97007->97052 97009 94159f 97009->96833 97090 8bb567 97010->97090 97012 8cf659 97013 90f2dc Sleep 97012->97013 97014 8cf661 timeGetTime 97012->97014 97015 8bb567 39 API calls 97014->97015 97016 8cf677 97015->97016 97016->96833 97096 93aff9 97017->97096 97021 93aff9 217 API calls 97020->97021 97023 93ac0c 97021->97023 97022 93ac54 97022->96833 97023->97022 97024 8baceb 23 API calls 97023->97024 97024->97022 97026 8b7510 53 API calls 97025->97026 97027 93a306 97026->97027 97028 91d4dc 47 API calls 97027->97028 97029 93a315 97028->97029 97029->96833 97031 8b7510 53 API calls 97030->97031 97032 925c6d 97031->97032 97218 91dbbe lstrlenW 97032->97218 97034 925c77 97034->96833 97035->96794 97037 8b9cc2 _wcslen 97036->97037 97038 8cfe0b 22 API calls 97037->97038 97039 8b9cea __fread_nolock 97038->97039 97040 8cfddb 22 API calls 97039->97040 97041 8b9d00 97040->97041 97041->96807 97042->96797 97043->96821 97044->96821 97045->96796 97046->96830 97047->96830 97048->96830 97049->96828 97050->96833 97051->96830 97053 8baceb 23 API calls 97052->97053 97054 942af3 97053->97054 97055 942b1d 97054->97055 97056 942aff 97054->97056 97057 8b6b57 22 API calls 97055->97057 97062 8b7510 97056->97062 97059 942b1b 97057->97059 97059->97009 97063 8b7522 97062->97063 97064 8b7525 97062->97064 97063->97059 97085 8ba8c7 22 API calls __fread_nolock 97063->97085 97065 8b755b 97064->97065 97066 8b752d 97064->97066 97068 8f50f6 97065->97068 97071 8b756d 97065->97071 97076 8f500f 97065->97076 97086 8d51c6 26 API 
calls 97066->97086 97089 8d5183 26 API calls 97068->97089 97069 8b753d 97075 8cfddb 22 API calls 97069->97075 97087 8cfb21 51 API calls 97071->97087 97072 8f510e 97072->97072 97077 8b7547 97075->97077 97078 8f5088 97076->97078 97080 8cfe0b 22 API calls 97076->97080 97079 8b9cb3 22 API calls 97077->97079 97088 8cfb21 51 API calls 97078->97088 97079->97063 97081 8f5058 97080->97081 97082 8cfddb 22 API calls 97081->97082 97083 8f507f 97082->97083 97084 8b9cb3 22 API calls 97083->97084 97084->97078 97085->97059 97086->97069 97087->97069 97088->97068 97089->97072 97091 8bb578 97090->97091 97092 8bb57f 97090->97092 97091->97092 97095 8d62d1 39 API calls _strftime 97091->97095 97092->97012 97094 8bb5c2 97094->97012 97095->97094 97097 93b01d ___scrt_fastfail 97096->97097 97098 93b094 97097->97098 97099 93b058 97097->97099 97103 8bb567 39 API calls 97098->97103 97104 93b08b 97098->97104 97100 8bb567 39 API calls 97099->97100 97101 93b063 97100->97101 97101->97104 97107 8bb567 39 API calls 97101->97107 97102 93b0ed 97105 8b7510 53 API calls 97102->97105 97106 93b0a5 97103->97106 97104->97102 97108 8bb567 39 API calls 97104->97108 97109 93b10b 97105->97109 97110 8bb567 39 API calls 97106->97110 97111 93b078 97107->97111 97108->97102 97187 8b7620 97109->97187 97110->97104 97114 8bb567 39 API calls 97111->97114 97113 93b115 97115 93b1d8 97113->97115 97116 93b11f 97113->97116 97114->97104 97118 93b20a GetCurrentDirectoryW 97115->97118 97121 8b7510 53 API calls 97115->97121 97117 8b7510 53 API calls 97116->97117 97119 93b130 97117->97119 97120 8cfe0b 22 API calls 97118->97120 97122 8b7620 22 API calls 97119->97122 97123 93b22f GetCurrentDirectoryW 97120->97123 97124 93b1ef 97121->97124 97125 93b13a 97122->97125 97126 93b23c 97123->97126 97127 8b7620 22 API calls 97124->97127 97128 8b7510 53 API calls 97125->97128 97131 93b275 97126->97131 97194 8b9c6e 22 API calls 97126->97194 97129 93b1f9 _wcslen 97127->97129 97130 93b14b 97128->97130 97129->97118 97129->97131 97132 8b7620 22 
API calls 97130->97132 97136 93b287 97131->97136 97137 93b28b 97131->97137 97134 93b155 97132->97134 97138 8b7510 53 API calls 97134->97138 97135 93b255 97195 8b9c6e 22 API calls 97135->97195 97144 93b39a CreateProcessW 97136->97144 97145 93b2f8 97136->97145 97197 9207c0 10 API calls 97137->97197 97141 93b166 97138->97141 97146 8b7620 22 API calls 97141->97146 97142 93b265 97196 8b9c6e 22 API calls 97142->97196 97143 93b294 97198 9206e6 10 API calls 97143->97198 97163 93b32f _wcslen 97144->97163 97200 9111c8 39 API calls 97145->97200 97150 93b170 97146->97150 97153 93b1a6 GetSystemDirectoryW 97150->97153 97158 8b7510 53 API calls 97150->97158 97151 93b2aa 97199 9205a7 8 API calls 97151->97199 97152 93b2fd 97156 93b323 97152->97156 97157 93b32a 97152->97157 97155 8cfe0b 22 API calls 97153->97155 97162 93b1cb GetSystemDirectoryW 97155->97162 97201 911201 128 API calls 2 library calls 97156->97201 97202 9114ce 6 API calls 97157->97202 97159 93b187 97158->97159 97165 8b7620 22 API calls 97159->97165 97161 93b2d0 97161->97136 97162->97126 97167 93b3d6 GetLastError 97163->97167 97168 93b42f CloseHandle 97163->97168 97174 93b191 _wcslen 97165->97174 97166 93b328 97166->97163 97177 93b41a 97167->97177 97169 93b43f 97168->97169 97186 93b49a 97168->97186 97170 93b451 97169->97170 97171 93b446 CloseHandle 97169->97171 97175 93b463 97170->97175 97176 93b458 CloseHandle 97170->97176 97171->97170 97173 93b4a6 97173->97177 97174->97126 97174->97153 97178 93b475 97175->97178 97179 93b46a CloseHandle 97175->97179 97176->97175 97191 920175 97177->97191 97203 9209d9 34 API calls 97178->97203 97179->97178 97182 93b4d2 CloseHandle 97182->97177 97184 93b486 97204 93b536 25 API calls 97184->97204 97186->97173 97186->97182 97188 8b762a _wcslen 97187->97188 97189 8cfe0b 22 API calls 97188->97189 97190 8b763f 97189->97190 97190->97113 97205 92030f 97191->97205 97194->97135 97195->97142 97196->97131 97197->97143 97198->97151 97199->97161 97200->97152 97201->97166 97202->97163 97203->97184 
[Call graph: node and edge listing exported from the report's interactive graph viewer (node id, code address, API or CRT routine name, edge pairs); not reproducible as readable text. Windows API names that appear in the graph nodes: CloseHandle, GetFileAttributesW, FindFirstFileW, FindClose, GetStringTypeW, RegOpenKeyExW, RegQueryValueExW, RegCloseKey, GetFullPathNameW, GetModuleFileNameW, GetVersionExW, GetCurrentProcess, IsWow64Process, LoadLibraryA, LoadLibraryExW, GetProcAddress, GetSystemInfo, GetNativeSystemInfo, FreeLibrary, PostQuitMessage, DefWindowProcW, SetTimer, KillTimer, RegisterWindowMessageW, CreatePopupMenu, MoveWindow, SetFocus, Shell_NotifyIconW, DeleteObject, DestroyWindow, LoadStringW, DestroyIcon, SystemParametersInfoW, GetOpenFileNameW, GetLongPathNameW, CreateStreamOnHGlobal, FindResourceExW, LoadResource, SizeofResource, LockResource, EnterCriticalSection, LeaveCriticalSection, GetUserNameW, GetForegroundWindow, ShellExecuteW, SetCurrentDirectoryW, CreateWindowExW, ShowWindow, SetEvent, ResetEvent, IsProcessorFeaturePresent, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetModuleHandleW, GetModuleHandleExW, GetStdHandle, GetFileType, TerminateProcess, GetStartupInfoW, GetPEB, ExitProcess. CRT routines tagged in the nodes include __wsopen_s, __fread_nolock, _wcslen, _strftime, _free, __dosmaperr, __onexit, ___scrt_fastfail, ___std_exception_copy and pre_c_initialization.]

                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                                                                                                                                          control_flow_graph 389 8b42de-8b434d call 8ba961 GetVersionExW call 8b6b57 394 8f3617-8f362a 389->394 395 8b4353 389->395 396 8f362b-8f362f 394->396 397 8b4355-8b4357 395->397 398 8f3632-8f363e 396->398 399 8f3631 396->399 400 8b435d-8b43bc call 8b93b2 call 8b37a0 397->400 401 8f3656 397->401 398->396 403 8f3640-8f3642 398->403 399->398 417 8f37df-8f37e6 400->417 418 8b43c2-8b43c4 400->418 406 8f365d-8f3660 401->406 403->397 405 8f3648-8f364f 403->405 405->394 410 8f3651 405->410 407 8b441b-8b4435 GetCurrentProcess IsWow64Process 406->407 408 8f3666-8f36a8 406->408 413 8b4437 407->413 414 8b4494-8b449a 407->414 408->407 411 8f36ae-8f36b1 408->411 410->401 415 8f36db-8f36e5 411->415 416 8f36b3-8f36bd 411->416 419 8b443d-8b4449 413->419 414->419 423 8f36f8-8f3702 415->423 424 8f36e7-8f36f3 415->424 420 8f36bf-8f36c5 416->420 421 8f36ca-8f36d6 416->421 425 8f37e8 417->425 426 8f3806-8f3809 417->426 418->406 422 8b43ca-8b43dd 418->422 427 8b444f-8b445e LoadLibraryA 419->427 428 8f3824-8f3828 GetSystemInfo 419->428 420->407 421->407 429 8b43e3-8b43e5 422->429 430 8f3726-8f372f 422->430 432 8f3715-8f3721 423->432 433 8f3704-8f3710 423->433 424->407 431 8f37ee 425->431 434 8f380b-8f381a 426->434 435 8f37f4-8f37fc 426->435 436 8b449c-8b44a6 GetSystemInfo 427->436 437 8b4460-8b446e GetProcAddress 427->437 439 8b43eb-8b43ee 429->439 440 8f374d-8f3762 429->440 441 8f373c-8f3748 430->441 442 8f3731-8f3737 430->442 431->435 432->407 433->407 434->431 443 8f381c-8f3822 434->443 435->426 438 8b4476-8b4478 436->438 437->436 444 8b4470-8b4474 GetNativeSystemInfo 437->444 445 8b447a-8b447b FreeLibrary 438->445 446 8b4481-8b4493 438->446 447 
8f3791-8f3794 439->447 448 8b43f4-8b440f 439->448 449 8f376f-8f377b 440->449 450 8f3764-8f376a 440->450 441->407 442->407 443->435 444->438 445->446 447->407 451 8f379a-8f37c1 447->451 452 8b4415 448->452 453 8f3780-8f378c 448->453 449->407 450->407 454 8f37ce-8f37da 451->454 455 8f37c3-8f37c9 451->455 452->407 453->407 454->407 455->407
APIs
• GetVersionExW.KERNEL32(?), ref: 008B430D
  • Part of subcall function 008B6B57: _wcslen.LIBCMT ref: 008B6B6A
• GetCurrentProcess.KERNEL32(?,0094CB64,00000000,?,?), ref: 008B4422
• IsWow64Process.KERNEL32(00000000,?,?), ref: 008B4429
• LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 008B4454
• GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 008B4466
• GetNativeSystemInfo.KERNEL32(?,?,?), ref: 008B4474
• FreeLibrary.KERNEL32(00000000,?,?), ref: 008B447B
• GetSystemInfo.KERNEL32(?,?,?), ref: 008B44A0
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
• String ID: GetNativeSystemInfo$kernel32.dll$|O
• API String ID: 3290436268-3101561225
• Opcode ID: 90acdaaa7c16df009e4438a4c3de3370b0d1677aed57d720cacd9723333a08ac
• Instruction ID: c34fd9d4377cfe961c2d5fc2936437c6f5a2db73bf6f5041971d4efed6e9c1f0
• Opcode Fuzzy Hash: 90acdaaa7c16df009e4438a4c3de3370b0d1677aed57d720cacd9723333a08ac
• Instruction Fuzzy Hash: C7A1B07292E2C8DFC712D7797C415E53FACBB26704B0858ABE081D3B22D264464AFB25

APIs
• CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,008B50AA,?,?,00000000,00000000), ref: 008B42B2
• FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,008B50AA,?,?,00000000,00000000), ref: 008B42C9
• LoadResource.KERNEL32(?,00000000,?,?,008B50AA,?,?,00000000,00000000,?,?,?,?,?,?,008B4F20), ref: 008F35BE
• SizeofResource.KERNEL32(?,00000000,?,?,008B50AA,?,?,00000000,00000000,?,?,?,?,?,?,008B4F20), ref: 008F35D3
• LockResource.KERNEL32(008B50AA,?,?,008B50AA,?,?,00000000,00000000,?,?,?,?,?,?,008B4F20,?), ref: 008F35E6
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: Resource$CreateFindGlobalLoadLockSizeofStream
• String ID: SCRIPT
• API String ID: 3051347437-3967369404
• Opcode ID: 89b95b4d8def7d0cf5eff2053270040f81a10fb86ad5aa12dae6978eb7f961a9
• Instruction ID: 1a2ac9bd0b84c2e242b4df0b36f9bc64ce8ac2951bbcdaefe55c5642439ddb9f
• Opcode Fuzzy Hash: 89b95b4d8def7d0cf5eff2053270040f81a10fb86ad5aa12dae6978eb7f961a9
• Instruction Fuzzy Hash: C3118EB4201701BFE7218FA5DC4AF677BB9FBC6B51F104169F412D6260DBB2DC00A620

APIs
• SetCurrentDirectoryW.KERNEL32(?), ref: 008B2B6B
  • Part of subcall function 008B3A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00981418,?,008B2E7F,?,?,?,00000000), ref: 008B3A78
  • Part of subcall function 008B9CB3: _wcslen.LIBCMT ref: 008B9CBD
• GetForegroundWindow.USER32(runas,?,?,?,?,?,00972224), ref: 008F2C10
• ShellExecuteW.SHELL32(00000000,?,?,00972224), ref: 008F2C17
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
                                                                                                                                                                                                                                                                                                                                                          • String ID: runas
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 448630720-4000483414
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: b16eca2b9799ca5f692248ed64e4e591973461b0749244b888d3ee71b4a0b79e
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 0fb8db6de5f574727b70b0eba01aa9de3325dd08dcaa1329f546b2b200c7628e
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b16eca2b9799ca5f692248ed64e4e591973461b0749244b888d3ee71b4a0b79e
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 34119D31208305AAC714FF78D8519FE7BA8FB95310F44142DF186D23A3DF219A4A9713
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • CreateToolhelp32Snapshot.KERNEL32 ref: 0091D501
                                                                                                                                                                                                                                                                                                                                                          • Process32FirstW.KERNEL32(00000000,?), ref: 0091D50F
                                                                                                                                                                                                                                                                                                                                                          • Process32NextW.KERNEL32(00000000,?), ref: 0091D52F
                                                                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 0091D5DC
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 420147892-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: b629e96c39985f4f221e75bbbf39ec9cfcb5fb2cca8894bfdef7b324b4dd5bd0
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 4034f31885c846bbe820b6aa03bfd24807eef3fd9c90f7263d3b285c2a4da754
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b629e96c39985f4f221e75bbbf39ec9cfcb5fb2cca8894bfdef7b324b4dd5bd0
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 793170711082049FD304EF58C881AAFBBE8FF99354F14092DF585C62A1EB71A985CB93
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • lstrlenW.KERNEL32(?,008F5222), ref: 0091DBCE
                                                                                                                                                                                                                                                                                                                                                          • GetFileAttributesW.KERNEL32(?), ref: 0091DBDD
                                                                                                                                                                                                                                                                                                                                                          • FindFirstFileW.KERNEL32(?,?), ref: 0091DBEE
                                                                                                                                                                                                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 0091DBFA
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: FileFind$AttributesCloseFirstlstrlen
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2695905019-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: d1db4822cdec317b2a13cd3a83ccbd881cd82ff7bbc9b82878963be41d067aff
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: cd728be7af3149cfb3bf00c7171feb506db29763a8d89322c677235d31b50e5e
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d1db4822cdec317b2a13cd3a83ccbd881cd82ff7bbc9b82878963be41d067aff
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C6F0EC7442A9145B82206B7C9C0DCEA376C9E02338B104B02F575C10F0EBF09D94D5D5
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: LocalTime
                                                                                                                                                                                                                                                                                                                                                          • String ID: %.3d$X64
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 481472006-1077770165
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 2d468724e6fa8c711d52de8cf4a421fc80be58fc49b65459ed55e97b6eb62854
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: a4e5b77e9ca4261cfcb86452e01e0858978cedcf96aa0268af005b31f53407c4
• Opcode Fuzzy Hash: 2d468724e6fa8c711d52de8cf4a421fc80be58fc49b65459ed55e97b6eb62854
• Instruction Fuzzy Hash: F7D012A180A218EECB9096D8DC45DB9B3BCFB08301F508866F92AD1080D738D548AB61
APIs
• GetCurrentProcess.KERNEL32(008E28E9,?,008D4CBE,008E28E9,009788B8,0000000C,008D4E15,008E28E9,00000002,00000000,?,008E28E9), ref: 008D4D09
• TerminateProcess.KERNEL32(00000000,?,008D4CBE,008E28E9,009788B8,0000000C,008D4E15,008E28E9,00000002,00000000,?,008E28E9), ref: 008D4D10
• ExitProcess.KERNEL32 ref: 008D4D22
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: Process$CurrentExitTerminate
• String ID:
• API String ID: 1703294689-0
• Opcode ID: 72c434ec9382dd4b2241359fb70e99f0dc8d630dc066ded427e42261175b8495
• Instruction ID: 69ccd541ccb9dcef78df146f19b9c2a8f40d4f6aaf5f0be1fd45498e1390523c
• Opcode Fuzzy Hash: 72c434ec9382dd4b2241359fb70e99f0dc8d630dc066ded427e42261175b8495
• Instruction Fuzzy Hash: C4E0B675015188AFCF61AF64DD09E583B6AFB46781F144115FC05CB232DB35DD42EB80
APIs
• GetUserNameW.ADVAPI32(?,?), ref: 0090D28C
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: NameUser
• String ID: X64
• API String ID: 2645101109-893830106
• Opcode ID: 76b220eb6d8b1f7e9dec7d5bb0793e6b8b3bf50a85db9e69857153bb82b60702
• Instruction ID: 5b946b33f9fb94012534d3468e9b4119fdfffbb1a9f3d62cf8221a4d14ef7853
• Opcode Fuzzy Hash: 76b220eb6d8b1f7e9dec7d5bb0793e6b8b3bf50a85db9e69857153bb82b60702
• Instruction Fuzzy Hash: 11D0C9B581611DEFCF90DB94DC88DD9B37CBB04305F100555F106E2040D73495489F10

Control-flow Graph
[Control-flow graph of the function at 0093AFF9, rendered as an image in the report; the raw node/edge dump is omitted here. Entry block 0093AFF9-0093B056. Blocks that reach Win32 APIs: GetSystemDirectoryW (0093B1A6-0093B1D6), GetCurrentDirectoryW (0093B20A-0093B238), CreateProcessW (0093B39A-0093B3BE), GetLastError (0093B401-0093B42A), CloseHandle (0093B42F-0093B43D, 0093B446-0093B44C, 0093B458-0093B45E, 0093B46A-0093B470, 0093B4C4-0093B4E3).]
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0093B198
                                                                                                                                                                                                                                                                                                                                                          • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0093B1B0
                                                                                                                                                                                                                                                                                                                                                          • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0093B1D4
                                                                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0093B200
                                                                                                                                                                                                                                                                                                                                                          • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0093B214
                                                                                                                                                                                                                                                                                                                                                          • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0093B236
                                                                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0093B332
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 009205A7: GetStdHandle.KERNEL32(000000F6), ref: 009205C6
                                                                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0093B34B
                                                                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0093B366
                                                                                                                                                                                                                                                                                                                                                          • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0093B3B6
                                                                                                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(00000000), ref: 0093B407
                                                                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 0093B439
                                                                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 0093B44A
                                                                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 0093B45C
                                                                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 0093B46E
                                                                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 0093B4E3
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2178637699-0
APIs
• GetInputState.USER32 ref: 008BD807
• timeGetTime.WINMM ref: 008BDA07
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 008BDB28
• TranslateMessage.USER32(?), ref: 008BDB7B
• DispatchMessageW.USER32(?), ref: 008BDB89
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 008BDB9F
• Sleep.KERNEL32(0000000A), ref: 008BDBB1
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Similarity
• API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
• String ID:
• API String ID: 2189390790-0
Control-flow Graph
APIs
• GetSysColorBrush.USER32(0000000F), ref: 008B2D07
• RegisterClassExW.USER32(00000030), ref: 008B2D31
• RegisterWindowMessageW.USER32(TaskbarCreated), ref: 008B2D42
• InitCommonControlsEx.COMCTL32(?), ref: 008B2D5F
• ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 008B2D6F
• LoadIconW.USER32(000000A9), ref: 008B2D85
• ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 008B2D94
Similarity
• API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
• String ID: +$0$AutoIt v3 GUI$TaskbarCreated
• API String ID: 2914291525-1005189915

Control-flow Graph
APIs
• Part of subcall function 008F039A: CreateFileW.KERNEL32(00000000,00000000,?,008F0704,?,?,00000000,?,008F0704,00000000,0000000C), ref: 008F03B7
• GetLastError.KERNEL32 ref: 008F076F
• __dosmaperr.LIBCMT ref: 008F0776
• GetFileType.KERNEL32(00000000), ref: 008F0782
• GetLastError.KERNEL32 ref: 008F078C
• __dosmaperr.LIBCMT ref: 008F0795
• CloseHandle.KERNEL32(00000000), ref: 008F07B5
• CloseHandle.KERNEL32(?), ref: 008F08FF
• GetLastError.KERNEL32 ref: 008F0931
• __dosmaperr.LIBCMT ref: 008F0938
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                                                                                                                                                                                                                                                                                          • String ID: H
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 4237864984-2852464175
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: d563659fc22649a965edc0cb36abd8bc39416bfe10f199b2cba12d3b491b377f
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: b88291b9029451ca535dad115d92c0eff16d58422183263a3f7fa842f2404237
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d563659fc22649a965edc0cb36abd8bc39416bfe10f199b2cba12d3b491b377f
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 71A11132A141088FDF19AF78D851BBE7BA0FB4A324F144159F911DF392DA319912DF92

                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008B3A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00981418,?,008B2E7F,?,?,?,00000000), ref: 008B3A78
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008B3357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 008B3379
                                                                                                                                                                                                                                                                                                                                                          • RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 008B356A
                                                                                                                                                                                                                                                                                                                                                          • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 008F318D
                                                                                                                                                                                                                                                                                                                                                          • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 008F31CE
                                                                                                                                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 008F3210
                                                                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 008F3277
                                                                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 008F3286
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
                                                                                                                                                                                                                                                                                                                                                          • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 98802146-2727554177
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 08eb68785704b6d3ab0cdf8c2ecab4348cef7d73e2b6900e852617014fb2e283
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 8446209865983f3ead696e184c8c8357841280a5b7a173648233e6f9ae44bd97
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 08eb68785704b6d3ab0cdf8c2ecab4348cef7d73e2b6900e852617014fb2e283
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 09718E714193049EC314EF69ECA29ABBBE8FF85B40F40042EF585D7361EB349A48DB52

                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

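The function above is the AutoIt v3 runtime resolving its include directory: it opens HKCU\Software\AutoIt v3\AutoIt (80000001 is HKEY_CURRENT_USER), queries the "Include" value twice (once for the buffer size, once for the data), closes the key and measures the result with _wcslen. Those exact strings, together with the "AutoIt v3" window-class string in the next function, are what an analyst can pivot on when triaging a memory dump of an unknown sample. The following triage script is an added example and is not part of the Joe Sandbox report; it scans a byte blob for the UTF-16LE strings the report shows being passed to RegOpenKeyExW/RegQueryValueExW and RegisterClassExW, plus the compiled-script magic `AU3!EA06`, a widely used public marker for an embedded AutoIt3 script body that the report page itself does not list (treat it as an assumption of this example). The sample blob is constructed inline so the script runs offline.

```python
"""Scan a PE image or memory dump for AutoIt v3 runtime markers.

Added triage example; not code from the Joe Sandbox report or from AutoIt.
"""
import re
import sys

# Wide strings the report shows the runtime passing to the registry APIs
# and to RegisterClassExW (String IDs of the two functions on this page).
REG_KEY = "Software\\AutoIt v3\\AutoIt"
REG_VALUE = "Include"
WINDOW_CLASS = "AutoIt v3"
# Assumption: signature of an embedded compiled AutoIt3 script body, as used
# by public YARA rules. Not taken from the report page.
AU3_MAGIC = b"AU3!EA06"


def wide(s: str) -> bytes:
    """Encode as UTF-16LE, the form the W-suffixed Win32 APIs receive."""
    return s.encode("utf-16-le")


def _offsets(blob: bytes, needle: bytes) -> list:
    """Return every (non-overlapping) offset of needle inside blob."""
    return [m.start() for m in re.finditer(re.escape(needle), blob)]


def find_autoit_markers(blob: bytes) -> dict:
    """Map marker name -> list of byte offsets found in blob."""
    hits = {}
    key_offs = _offsets(blob, wide(REG_KEY))
    if key_offs:
        hits["reg_key"] = key_offs
    val_offs = _offsets(blob, wide(REG_VALUE))
    if val_offs:
        hits["reg_value"] = val_offs
    # "AutoIt v3" is a substring of the registry path; only count
    # occurrences that lie outside a registry-path hit.
    key_len = len(wide(REG_KEY))
    cls_offs = [o for o in _offsets(blob, wide(WINDOW_CLASS))
                if not any(k <= o < k + key_len for k in key_offs)]
    if cls_offs:
        hits["window_class"] = cls_offs
    magic_offs = _offsets(blob, AU3_MAGIC)
    if magic_offs:
        hits["au3_magic"] = magic_offs
    return hits


def classify(blob: bytes) -> str:
    """Coarse verdict from the marker set."""
    hits = find_autoit_markers(blob)
    if "au3_magic" in hits:
        return "compiled AutoIt script"
    if "reg_key" in hits and "window_class" in hits:
        return "AutoIt v3 runtime"
    if hits:
        return "weak AutoIt indicators"
    return "no AutoIt markers"


def build_sample() -> bytes:
    """Constructed stand-in for a memory dump (not real sample data)."""
    return (b"\x00" * 64
            + wide(REG_KEY) + b"\x00\x00"
            + wide(REG_VALUE) + b"\x00\x00"
            + b"MZ" + b"\x90" * 32
            + wide(WINDOW_CLASS) + b"\x00\x00"
            + b"\xcc" * 16
            + AU3_MAGIC + b"\x00" * 32)


# Constructed benign blob: a Windows registry path that is not AutoIt's.
BENIGN = b"\x00" * 64 + wide("Software\\Microsoft\\Windows") + b"\x00" * 64


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    for name, offs in find_autoit_markers(data).items():
        print(f"{name:13s} at {', '.join(hex(o) for o in offs)}")
    print("verdict:", classify(data))
```

Run it against a .sdmp dump extracted from the report (`python scan.py 00000000.00000002.1397108680.00000000008B1000.sdmp`) or with no argument to scan the built-in sample. A hit on the registry path and window class alone says only that the AutoIt interpreter is present; the payload script is what the magic marker points at, so the verdict is kept separate for the two cases.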
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • GetSysColorBrush.USER32(0000000F), ref: 008B2B8E
                                                                                                                                                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F00), ref: 008B2B9D
                                                                                                                                                                                                                                                                                                                                                          • LoadIconW.USER32(00000063), ref: 008B2BB3
                                                                                                                                                                                                                                                                                                                                                          • LoadIconW.USER32(000000A4), ref: 008B2BC5
                                                                                                                                                                                                                                                                                                                                                          • LoadIconW.USER32(000000A2), ref: 008B2BD7
                                                                                                                                                                                                                                                                                                                                                          • LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 008B2BEF
                                                                                                                                                                                                                                                                                                                                                          • RegisterClassExW.USER32(?), ref: 008B2C40
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008B2CD4: GetSysColorBrush.USER32(0000000F), ref: 008B2D07
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008B2CD4: RegisterClassExW.USER32(00000030), ref: 008B2D31
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008B2CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 008B2D42
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008B2CD4: InitCommonControlsEx.COMCTL32(?), ref: 008B2D5F
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008B2CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 008B2D6F
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008B2CD4: LoadIconW.USER32(000000A9), ref: 008B2D85
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008B2CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 008B2D94
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                                                                                                                                                                                                                                                                                                          • String ID: #$0$AutoIt v3
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 423443420-4155596026
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 5f6ad0bb38fd4db90f9b2d191cba734a843a4b0bc2fca2dc9c24f38d55412f87
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: debe9f3db9fce2123b55f60ef094811b274f1d2c51c75e56b56cf9d1e2ba42e6
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5f6ad0bb38fd4db90f9b2d191cba734a843a4b0bc2fca2dc9c24f38d55412f87
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B22118B4E29318AFDB109FA5EC55AA97FB8FB48B50F00001BF600A67A0D7B15641EF90

Control-flow Graph (legend: Executed / Not Executed)

control_flow_graph 598 8b3170-8b3185 599 8b3187-8b318a 598->599 600 8b31e5-8b31e7 598->600 602 8b31eb 599->602 603 8b318c-8b3193 599->603 600->599 601 8b31e9 600->601 604 8b31d0-8b31d8 DefWindowProcW 601->604 605 8f2dfb-8f2e23 call 8b18e2 call 8ce499 602->605 606 8b31f1-8b31f6 602->606 607 8b3199-8b319e 603->607 608 8b3265-8b326d PostQuitMessage 603->608 609 8b31de-8b31e4 604->609 641 8f2e28-8f2e2f 605->641 611 8b31f8-8b31fb 606->611 612 8b321d-8b3244 SetTimer RegisterWindowMessageW 606->612 614 8f2e7c-8f2e90 call 91bf30 607->614 615 8b31a4-8b31a8 607->615 610 8b3219-8b321b 608->610 610->609 617 8f2d9c-8f2d9f 611->617 618 8b3201-8b320f KillTimer call 8b30f2 611->618 612->610 620 8b3246-8b3251 CreatePopupMenu 612->620 621 8b31ae-8b31b3 615->621 622 8f2e68-8f2e72 call 91c161 615->622 626 8f2dd7-8f2df6 MoveWindow 617->626 627 8f2da1-8f2da5 617->627 638 8b3214 call 8b3c50 618->638 620->610 623 8f2e4d-8f2e54 621->623 624 8b31b9-8b31be 621->624 639 8f2e77 622->639 623->604 637 8f2e5a-8f2e63 call 910ad7 623->637 632 8b3253-8b3263 call 8b326f 624->632 633 8b31c4-8b31ca 624->633 626->610 635 8f2da7-8f2daa 627->635 636 8f2dc6-8f2dd2 SetFocus 627->636 632->610 633->604 633->641 634->604 635->633 642 8f2db0-8f2dc1 call 8b18e2 635->642 636->610 637->604 638->610 639->610 641->604 646 8f2e35-8f2e48 call 8b30f2 call 8b3837 641->646 642->610 646->604
APIs
• DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,008B316A,?,?), ref: 008B31D8
• KillTimer.USER32(?,00000001,?,?,?,?,?,008B316A,?,?), ref: 008B3204
• SetTimer.USER32(?,00000001,000002EE,00000000), ref: 008B3227
• RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,008B316A,?,?), ref: 008B3232
• CreatePopupMenu.USER32 ref: 008B3246
• PostQuitMessage.USER32(00000000), ref: 008B3267
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
• String ID: TaskbarCreated
• API String ID: 129472671-2362178303
• Opcode ID: 07eef985ec78572a1f8bf4ab86c6f1c89e576bac5291ea2d4a7a1d9a4cc4c040
• Instruction ID: 0c8101afb4a46e1380b63388b946b00679e9340c5d6e6172d734c88174c83b07
• Opcode Fuzzy Hash: 07eef985ec78572a1f8bf4ab86c6f1c89e576bac5291ea2d4a7a1d9a4cc4c040
• Instruction Fuzzy Hash: 5A412A7526820CABDB252B7CDC1EBFA3A5DFB45345F040126F512C63A2CB719E41A762
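
The "APIs" entries above are the part of a Joe Sandbox function listing worth machine-reading: each line carries the API name, the module it lives in, the stack slots Joe Sandbox captured at the call (a literal such as TaskbarCreated, an 8-digit hex value, or ? when unknown) and the call-site address. The parser below is an added example, not code from Joe Sandbox or from the sample; the sample lines are copied from the listing for the window procedure above and the function and field names are this example's own. It decodes the SetTimer interval (000002EE is 750 ms) and collects the string constants, the two things an analyst usually wants from such a block.

```python
"""Parse the 'APIs' entries of a Joe Sandbox function listing.

Added example (not part of the Joe Sandbox report or the sample). The six
lines in SAMPLE_API_LINES are copied from the listing for the window
procedure at 8b3170; everything else here is this example's own design.
"""
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed input: the API entries of the function at 8b3170, bullets removed.
SAMPLE_API_LINES = [
    "DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,008B316A,?,?), ref: 008B31D8",
    "KillTimer.USER32(?,00000001,?,?,?,?,?,008B316A,?,?), ref: 008B3204",
    "SetTimer.USER32(?,00000001,000002EE,00000000), ref: 008B3227",
    "RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,008B316A,?,?), ref: 008B3232",
    "CreatePopupMenu.USER32 ref: 008B3246",
    "PostQuitMessage.USER32(00000000), ref: 008B3267",
]

# Name.MODULE(optional args), ref: ADDRESS   -- the argument list is optional
_ENTRY_RE = re.compile(
    r"^(?P<api>[A-Za-z0-9_]+)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$"
)
_HEX8_RE = re.compile(r"^[0-9A-Fa-f]{8}$")


@dataclass
class ApiCall:
    api: str
    module: str
    ref: int                                   # call-site address
    args: list = field(default_factory=list)   # None for '?', int for hex, str for a literal


def _parse_arg(token: str):
    token = token.strip()
    if token == "?":
        return None                            # slot Joe Sandbox could not resolve
    if _HEX8_RE.match(token):
        return int(token, 16)                  # 8-digit hex dword
    return token                               # string literal, e.g. TaskbarCreated


def parse_api_line(line: str) -> ApiCall:
    """Parse one entry; raises ValueError on anything that does not fit the format."""
    m = _ENTRY_RE.match(line.strip().lstrip("• ").strip())
    if not m:
        raise ValueError(f"unrecognised API entry: {line!r}")
    raw = m.group("args")
    args = [_parse_arg(t) for t in raw.split(",")] if raw else []
    return ApiCall(m.group("api"), m.group("module"), int(m.group("ref"), 16), args)


def parse_api_listing(lines) -> list:
    return [parse_api_line(line) for line in lines]


def string_arguments(calls) -> list:
    """Sorted, de-duplicated string literals seen in any argument slot."""
    return sorted({a for c in calls for a in c.args if isinstance(a, str)})


def timer_interval_ms(calls):
    """SetTimer's third parameter (uElapse) in milliseconds, or None if absent."""
    for c in calls:
        if c.api == "SetTimer" and len(c.args) >= 3 and isinstance(c.args[2], int):
            return c.args[2]
    return None


def calls_by_module(calls) -> dict:
    return dict(Counter(c.module for c in calls))
```

Two caveats when using this on other functions from the report: argument splitting is on commas, so a string literal that itself contains a comma would be split in two; and the listing shows more slots than the API's real arity (DefWindowProcW takes four parameters but twelve slots are printed), so slots past the documented parameter count are plain stack contents. The value 008B316A that recurs in those slots lies inside the image mapped at 008B0000 and should be read as a caller address on the stack, not as an argument.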

Control-flow Graph (legend: Executed / Not Executed)

control_flow_graph 654 8b1410-8b1449 655 8b144f-8b1465 mciSendStringW 654->655 656 8f24b8-8f24b9 DestroyWindow 654->656 657 8b146b-8b1473 655->657 658 8b16c6-8b16d3 655->658 660 8f24c4-8f24d1 656->660 659 8b1479-8b1488 call 8b182e 657->659 657->660 661 8b16f8-8b16ff 658->661 662 8b16d5-8b16f0 UnregisterHotKey 658->662 675 8f250e-8f251a 659->675 676 8b148e-8b1496 659->676 666 8f24d3-8f24d6 660->666 667 8f2500-8f2507 660->667 661->657 665 8b1705 661->665 662->661 664 8b16f2-8b16f3 call 8b10d0 662->664 664->661 665->658 668 8f24d8-8f24e0 call 8b6246 666->668 669 8f24e2-8f24e5 FindClose 666->669 667->660 672 8f2509 667->672 674 8f24eb-8f24f8 668->674 669->674 672->675 674->667 678 8f24fa-8f24fb call 9232b1 674->678 681 8f251c-8f251e FreeLibrary 675->681 682 8f2524-8f252b 675->682 679 8b149c-8b14c1 call 8bcfa0 676->679 680 8f2532-8f253f 676->680 678->667 692 8b14f8-8b1503 CoUninitialize 679->692 693 8b14c3 679->693 683 8f2566-8f256d 680->683 684 8f2541-8f255e VirtualFree 680->684 681->682 682->675 687 8f252d 682->687 683->680 689 8f256f 683->689 684->683 688 8f2560-8f2561 call 923317 684->688 687->680 688->683 694 8f2574-8f2578 689->694 692->694 696 8b1509-8b150e 692->696 695 8b14c6-8b14f6 call 8b1a05 call 8b19ae 693->695 694->696 699 8f257e-8f2584 694->699 695->692 697 8f2589-8f2596 call 9232eb 696->697 698 8b1514-8b151e 696->698 712 8f2598 697->712 701 8b1707-8b1714 call 8cf80e 698->701 702 8b1524-8b152f call 8b988f 698->702 699->696 701->702 715 8b171a 701->715 714 8b1535 call 8b1944 702->714 717 8f259d-8f25bf call 8cfdcd 712->717 716 8b153a-8b15a5 call 8b17d5 call 8cfe14 call 8b177c call 8b988f call 8bcfa0 call 8b17fe call 8cfe14 714->716 715->701 716->717 743 8b15ab-8b15cf call 8cfe14 716->743 722 8f25c1 717->722 725 8f25c6-8f25e8 call 8cfdcd 722->725 731 8f25ea 725->731 734 8f25ef-8f2611 call 8cfdcd 731->734 741 8f2613 734->741 744 8f2618-8f2625 call 9164d4 741->744 743->725 750 8b15d5-8b15f9 call 8cfe14 743->750 749 8f2627 744->749 752 8f262c-8f2639 call 8cac64 749->752 750->734 755 8b15ff-8b1619 call 8cfe14 750->755 758 8f263b 752->758 755->744 760 8b161f-8b1643 call 8b17d5 call 8cfe14 755->760 761 8f2640-8f264d call 923245 758->761 760->752 769 8b1649-8b1651 760->769 768 8f264f 761->768 771 8f2654-8f2661 call 9232cc 768->771 769->761 770 8b1657-8b1668 call 8b988f call 8b190a 769->770 778 8b166d-8b1675 770->778 776 8f2663 771->776 779 8f2668-8f2675 call 9232cc 776->779 778->771 780 8b167b-8b1689 778->780 785 8f2677 779->785 780->779 782 8b168f-8b16c5 call 8b988f * 3 call 8b1876 780->782 785->785
APIs
• mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 008B1459
• CoUninitialize.COMBASE ref: 008B14F8
• UnregisterHotKey.USER32(?), ref: 008B16DD
• DestroyWindow.USER32(?), ref: 008F24B9
• FreeLibrary.KERNEL32(?), ref: 008F251E
• VirtualFree.KERNEL32(?,00000000,00008000), ref: 008F254B
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
• String ID: close all
• API String ID: 469580280-3243417748
• Opcode ID: 700defea83df1440a67bfbf8959bacfd8336ba8d1c551553eed5abcd00696784
• Instruction ID: 1e62ed94d2a631ce744e131223ee011b5ee1e84d2f613c426dfd7762524d1f4b
• Opcode Fuzzy Hash: 700defea83df1440a67bfbf8959bacfd8336ba8d1c551553eed5abcd00696784
• Instruction Fuzzy Hash: 85D16B306022169FDB29EF28C4A9A69F7A1FF05704F5441ADE54AEB362DB30AC12CF55

Control-flow Graph (legend: Executed / Not Executed)

control_flow_graph 793 91de27-91de4a WSAStartup 794 91de50-91de71 gethostname gethostbyname 793->794 795 91dee6-91def2 call 8d4983 793->795 794->795 796 91de73-91de7a 794->796 803 91def3-91def6 795->803 798 91de83-91de85 796->798 799 91de7c-91de81 796->799 801 91de87-91de94 call 8d4983 798->801 802 91de96-91dedb call 8d0e20 inet_ntoa call 8dd5f0 call 91ebd1 call 8d4983 call 8cfe14 798->802 799->798 799->799 808 91dede-91dee4 WSACleanup 801->808 802->808 808->803
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
• String ID: 0.0.0.0
• API String ID: 642191829-3771769585
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 5edd152227b7a1f7ee94bd190559741047b14b6ba400fbd82981e146b33233c5
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: a746b3c914525538e8aee084b4d92af6695b3bf48d7ce840af171d9cc5f94c82
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5edd152227b7a1f7ee94bd190559741047b14b6ba400fbd82981e146b33233c5
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6E115971A05108BFDB20AB34DC0AEEE37BCEF11712F00026AF445DA291EF748AC0DA51

                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                                                                                                                                          control_flow_graph 827 8b2c63-8b2cd3 CreateWindowExW * 2 ShowWindow * 2
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 008B2C91
                                                                                                                                                                                                                                                                                                                                                          • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 008B2CB2
                                                                                                                                                                                                                                                                                                                                                          • ShowWindow.USER32(00000000,?,?,?,?,?,?,008B1CAD,?), ref: 008B2CC6
                                                                                                                                                                                                                                                                                                                                                          • ShowWindow.USER32(00000000,?,?,?,?,?,?,008B1CAD,?), ref: 008B2CCF
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Window$CreateShow
                                                                                                                                                                                                                                                                                                                                                          • String ID: AutoIt v3$edit
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1584632944-3779509399
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 192842f2a4cc2040266d14c6692133edaf08b5ae52a343caf98f9130daf546c1
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: fb4131f9bab20ab098c74245e2eec04befe43de715af6d5caa591f1379cbae5e
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 192842f2a4cc2040266d14c6692133edaf08b5ae52a343caf98f9130daf546c1
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3CF0DAB95653907EEB711717AC08EB72EBDD7C7F50B00005BF900A26A0C6751852EBB0

                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008B1BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 008B1BF4
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008B1BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 008B1BFC
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008B1BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 008B1C07
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008B1BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 008B1C12
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008B1BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 008B1C1A
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008B1BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 008B1C22
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008B1B4A: RegisterWindowMessageW.USER32(00000004,?,008B12C4), ref: 008B1BA2
                                                                                                                                                                                                                                                                                                                                                          • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 008B136A
                                                                                                                                                                                                                                                                                                                                                          • OleInitialize.OLE32 ref: 008B1388
                                                                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,00000000), ref: 008F24AB
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                                                                                                                                                                                                                                                                                                          • String ID: 0S$`=
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1986988660-3376978208
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: df65fb0033ea0d84e1c6f037109d4c1090b21edb7779fa10281ac4f88054153a
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 3107dd91c33eba30abbcbd7c9777b24aed9eef495983860a0808dd8ca335b0ab
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: df65fb0033ea0d84e1c6f037109d4c1090b21edb7779fa10281ac4f88054153a
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0D718AB49293009FC798EF79E856A953AECFB89344754822EE01AC7372EB304442AF45
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID:
• String ID: $Variable must be of type 'Object'.
• API String ID: 0-1899090267
• Opcode ID: 6486c36ec1e51b37964351262e9b740d8fa0331aac288d65cb06f1215b903230
• Instruction ID: 7ad5e07baf456df55d387bca72cd03b78d3ae7bffdf678fc1601f043580b571b
• Opcode Fuzzy Hash: 6486c36ec1e51b37964351262e9b740d8fa0331aac288d65cb06f1215b903230
• Instruction Fuzzy Hash: FBC25575A00219CFCB24CF98C880AEEB7B5FB18314F248569E956EB391D375ED41CB91
APIs
• __Init_thread_footer.LIBCMT ref: 008BFE66
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: Init_thread_footer
• String ID:
• API String ID: 1385522511-3162483948
• Opcode ID: 07636a002369f8442e0bf6770c6bd71e6da67fab5c62c3eeba1c28ec8ee59483
• Instruction ID: 256b802e2835cb448512070191ee7f1afd681cf6609f13afcfb0d17b16b679a6
• Opcode Fuzzy Hash: 07636a002369f8442e0bf6770c6bd71e6da67fab5c62c3eeba1c28ec8ee59483
• Instruction Fuzzy Hash: 9BB25A74608301CFDB24CF18C890AAAB7E1FB99314F14486DFA95CB392D771E945CB92

Control-flow Graph (rendered graph omitted; basic blocks 8b3b1c to 8b3b9b, with calls to RegOpenKeyExW, RegQueryValueExW and RegCloseKey)

APIs
• RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,008B3B0F,SwapMouseButtons,00000004,?), ref: 008B3B40
• RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,008B3B0F,SwapMouseButtons,00000004,?), ref: 008B3B61
• RegCloseKey.KERNEL32(00000000,?,?,?,80000001,80000001,?,008B3B0F,SwapMouseButtons,00000004,?), ref: 008B3B83
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: CloseOpenQueryValue
• String ID: Control Panel\Mouse
• API String ID: 3677997916-824357125
• Opcode ID: 91408468c246a614be1f3ea2f8b6761a406b18ee6c2c13bd1914c29f524c7bfa
• Instruction ID: cdf56ac24b5ab6624a11d24e40211a8d2fd95c4fe6d0ad70ade03b5dd746764d
• Opcode Fuzzy Hash: 91408468c246a614be1f3ea2f8b6761a406b18ee6c2c13bd1914c29f524c7bfa
• Instruction Fuzzy Hash: 6C112AB5521208FFDF208FA5DC44EEEBBB8FF05754B104559A805D7214D6319E40A760
APIs
• GetProcAddress.KERNEL32(?,GetSystemWow64DirectoryW), ref: 0090D3BF
• FreeLibrary.KERNEL32 ref: 0090D3E5
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: AddressFreeLibraryProc
• String ID: GetSystemWow64DirectoryW$X64
• API String ID: 3013587201-2590602151
• Opcode ID: 51264636c5864bc914be650a140fbb1535e4ad883f79f2e1ac851a5cec0924dd
• Instruction ID: 58ca094a3e525538fce30d5a305395bd44285ef034f4a425a93a98b346d6e4e7
• Opcode Fuzzy Hash: 51264636c5864bc914be650a140fbb1535e4ad883f79f2e1ac851a5cec0924dd
• Instruction Fuzzy Hash: 4BF0ABB680FB21EFD3B122984C58E6DB3A8AF00B05B548529F402E21C9E720CD40C7C6
APIs
• LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 008F33A2
  • Part of subcall function 008B6B57: _wcslen.LIBCMT ref: 008B6B6A
• Shell_NotifyIconW.SHELL32(00000001,?), ref: 008B3A04
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: IconLoadNotifyShell_String_wcslen
                                                                                                                                                                                                                                                                                                                                                          • String ID: Line:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2289894680-1585850449
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: fb10e62d08acedd72949d65e9b899fd2a9b6617e9154ee55f47cfed970fd79b4
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 513b73d07684a9575e4473e7291d58035b872bf8a4e32f33f9d197a7f6ed0ebb
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fb10e62d08acedd72949d65e9b899fd2a9b6617e9154ee55f47cfed970fd79b4
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7231CE71408304AAC325EB24DC45BEBBBECFB45714F104A2AF599C2391EB70AA49C7C3
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 008D0668
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008D32A4: RaiseException.KERNEL32(?,?,?,008D068A,?,00981444,?,?,?,?,?,?,008D068A,008B1129,00978738,008B1129), ref: 008D3304
                                                                                                                                                                                                                                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 008D0685
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Exception@8Throw$ExceptionRaise
                                                                                                                                                                                                                                                                                                                                                          • String ID: Unknown exception
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3476068407-410509341
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 0a9f8c9392e20e90c7ed86db09a7eed11dac394ac083cceb88525cf0dc46e260
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 2949dd57dbe238156971e95973a87a2d2f1c97ca45f83e14a3250ebbbdbd608e
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0a9f8c9392e20e90c7ed86db09a7eed11dac394ac083cceb88525cf0dc46e260
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B7F0A42490030D778B00B6A9E84AE5E777DFE50354F604236BA15D6692EF71DA158982
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008B3923: Shell_NotifyIconW.SHELL32(00000001,?), ref: 008B3A04
                                                                                                                                                                                                                                                                                                                                                          • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 0091C259
                                                                                                                                                                                                                                                                                                                                                          • KillTimer.USER32(?,00000001,?,?), ref: 0091C261
                                                                                                                                                                                                                                                                                                                                                          • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 0091C270
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: IconNotifyShell_Timer$Kill
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3500052701-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 17fb77f8b34321d238821134551c2a26efbd5c19e6d97f5f72e4949cf3f892ae
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 71281fce60fa770c6132d460107be3b5c6f9aaa6908353e2d93d196cfe9881d3
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 17fb77f8b34321d238821134551c2a26efbd5c19e6d97f5f72e4949cf3f892ae
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2831D9B0A443486FEB328F648855BDBBBEC9F17304F00089ED5EA93241C7746AC5CB51
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,00000000,?,?,008E85CC,?,00978CC8,0000000C), ref: 008E8704
                                                                                                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,008E85CC,?,00978CC8,0000000C), ref: 008E870E
                                                                                                                                                                                                                                                                                                                                                          • __dosmaperr.LIBCMT ref: 008E8739
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: CloseErrorHandleLast__dosmaperr
• String ID:
• API String ID: 2583163307-0
• Opcode ID: f36617987ca4e14cee2908a52e0dd0bdfa6fc3ac9a8e7f32da71cec7bc53f7c8
• Instruction ID: 6b7209be6632bc9167aef41c9056b345942dba8260327d433678ce845a6dab5c
• Opcode Fuzzy Hash: f36617987ca4e14cee2908a52e0dd0bdfa6fc3ac9a8e7f32da71cec7bc53f7c8
• Instruction Fuzzy Hash: 8D016F326091E0B6C664623A5C49B7E6745EB93778F350119F81CCB2E2DE60CC819251
APIs
• TranslateMessage.USER32(?), ref: 008BDB7B
• DispatchMessageW.USER32(?), ref: 008BDB89
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 008BDB9F
• Sleep.KERNEL32(0000000A), ref: 008BDBB1
• TranslateAcceleratorW.USER32(?,?,?), ref: 00901CC9
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: Message$Translate$AcceleratorDispatchPeekSleep
• String ID:
• API String ID: 3288985973-0
• Opcode ID: 00517749a8940904e072d31100bde7ac930ecb077348b25d12d40c6c5da38559
• Instruction ID: f860ace9bad486ccaa6c3bb982b444eb39ea76abed6305564fb73ceaa3aea81b
• Opcode Fuzzy Hash: 00517749a8940904e072d31100bde7ac930ecb077348b25d12d40c6c5da38559
• Instruction Fuzzy Hash: 33F05E70659340AFEB70CB608C49FEA73ACFB45310F104A28F64AD31C0EB30A4889B25
APIs
• __Init_thread_footer.LIBCMT ref: 008C17F6
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: Init_thread_footer
• String ID: CALL
• API String ID: 1385522511-4196123274
• Opcode ID: 523bb69b842c303e3f3599be5a1eafdd8a94d99709b0ac458875d361a109ef0f
• Instruction ID: 71918335b4b5a7fd3b5f9dcf61bf3915c5507373a09e93caca6627bc0a874f20
• Opcode Fuzzy Hash: 523bb69b842c303e3f3599be5a1eafdd8a94d99709b0ac458875d361a109ef0f
• Instruction Fuzzy Hash: 3A2257706082019FCB14DF18C488F2ABBF6FF86314F14896DF5968B2A2D731E955CB92
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: fce834464ef5ef50af480379102e16cd5570949a9a6ab4d3abb54d3f1e0dbed5
• Instruction ID: 8d89e67e28725de62cbdac65415044d46d7f44de309b5a8c429ce4695ac9c6dc
• Opcode Fuzzy Hash: fce834464ef5ef50af480379102e16cd5570949a9a6ab4d3abb54d3f1e0dbed5
• Instruction Fuzzy Hash: 21329830A00609DFDB24DF68C885FAEB7B5FF04354F158569E916EB2A2D731E9408F92
APIs
• GetOpenFileNameW.COMDLG32(?), ref: 008F2C8C
  • Part of subcall function 008B3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,008B3A97,?,?,008B2E7F,?,?,?,00000000), ref: 008B3AC2
  • Part of subcall function 008B2DA5: GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 008B2DC4
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: Name$Path$FileFullLongOpen
• String ID: X
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 779396738-3081909835
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: bc3788980cce69a564690e769266a2f4df799db3b1cd07df1d51b60fe993b548
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: b1510a3727f5c6d89e2783347454f68eb66f5192c35631010785af268868451a
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bc3788980cce69a564690e769266a2f4df799db3b1cd07df1d51b60fe993b548
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9B218171A1025C9ECB119F98C845BEE7BF8FF49314F00805AE509E7341DBB49A498B62
APIs
• GetComputerNameW.KERNEL32(?,?), ref: 0090D375
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: ComputerName
• String ID: X64
• API String ID: 3545744682-893830106
• Opcode ID: 136d791b0757b5dce421a65a29deebb6cd93b54bf39ef5cc9fd40f452f8193fb
• Instruction ID: d65bfe3e1e7686ef9433b7f9a548065517bee0753c822847b2938bbc17164131
• Opcode Fuzzy Hash: 136d791b0757b5dce421a65a29deebb6cd93b54bf39ef5cc9fd40f452f8193fb
• Instruction Fuzzy Hash: 53D0C9B581621CEFCB90DB84DC88DDDB3BCBB04305F504555F002E2040D73495489B10
APIs
• Shell_NotifyIconW.SHELL32(00000000,?), ref: 008B3908
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: IconNotifyShell_
• String ID:
• API String ID: 1144537725-0
• Opcode ID: c937bcd93706721363b47bd7cf2934dd64e342a9adcf1640d96ff23d55be537e
• Instruction ID: 6d11392b1e9911ace463b70ede51ce9e0b9a083f6a746b3973db619dfb1f4430
• Opcode Fuzzy Hash: c937bcd93706721363b47bd7cf2934dd64e342a9adcf1640d96ff23d55be537e
• Instruction Fuzzy Hash: 7F315AB06087019FD721DF24D885797BBE8FB49708F00092EE59AC3350E771AA44DB52
APIs
• timeGetTime.WINMM ref: 008CF661
  • Part of subcall function 008BD730: GetInputState.USER32 ref: 008BD807
• Sleep.KERNEL32(00000000), ref: 0090F2DE
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: InputSleepStateTimetime
• String ID:
• API String ID: 4149333218-0
• Opcode ID: 14c5f59a521985a45565df11fcd18f65dcddc680cb2f3a81a584b6191f5391f2
• Instruction ID: 5a4d415e8e4aee59bc2845cfbf59aa102f4e3ad6905bdc86d7ccee9c8515af63
• Opcode Fuzzy Hash: 14c5f59a521985a45565df11fcd18f65dcddc680cb2f3a81a584b6191f5391f2
• Instruction Fuzzy Hash: B6F0A7752442059FD350EF79D455F9AB7E8FF46761F000029E85AC7361DB70A800CB92
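The records above are the per-function output of the Joe Sandbox IDA plugin; the API IDs and the opcode/instruction fuzzy hashes are the fields an analyst pivots on across reports. As an added example (not part of this report and not Joe Sandbox's own tooling), the following Python parses records in this layout into structured data and lists the functions that read a clock source, the precondition for the execution-timing check the report flags. The sample text is constructed from two of the records shown above with the padding and link text removed; the record layout assumed (an "APIs" header opening each record, bullet "Key: value" fields under the other headers) is inferred from this page, and the list of clock APIs is my own.

```python
"""Parse Joe Sandbox function records into structured data and flag clock reads.
Added example; the record layout is inferred from the report text, not documented."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample: two records copied from the report, padding removed.
SAMPLE = """\
APIs
• GetComputerNameW.KERNEL32(?,?), ref: 0090D375
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: ComputerName
• String ID: X64
• API String ID: 3545744682-893830106
• Opcode ID: 136d791b0757b5dce421a65a29deebb6cd93b54bf39ef5cc9fd40f452f8193fb
• Instruction ID: d65bfe3e1e7686ef9433b7f9a548065517bee0753c822847b2938bbc17164131
• Opcode Fuzzy Hash: 136d791b0757b5dce421a65a29deebb6cd93b54bf39ef5cc9fd40f452f8193fb
• Instruction Fuzzy Hash: 53D0C9B581621CEFCB90DB84DC88DDDB3BCBB04305F504555F002E2040D73495489B10
APIs
• timeGetTime.WINMM ref: 008CF661
  • Part of subcall function 008BD730: GetInputState.USER32 ref: 008BD807
• Sleep.KERNEL32(00000000), ref: 0090F2DE
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: InputSleepStateTimetime
• String ID:
• API String ID: 4149333218-0
• Opcode ID: 14c5f59a521985a45565df11fcd18f65dcddc680cb2f3a81a584b6191f5391f2
• Instruction ID: 5a4d415e8e4aee59bc2845cfbf59aa102f4e3ad6905bdc86d7ccee9c8515af63
• Opcode Fuzzy Hash: 14c5f59a521985a45565df11fcd18f65dcddc680cb2f3a81a584b6191f5391f2
• Instruction Fuzzy Hash: B6F0A7752442059FD350EF79D455F9AB7E8FF46761F000029E85AC7361DB70A800CB92
"""

SECTIONS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}

# "Name.MODULE(args), ref: ADDR", optionally prefixed by a subcall note.
API_RE = re.compile(
    r"^(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+): )?"
    r"(?P<name>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,? ref: (?P<ref>[0-9A-Fa-f]+)$"
)

# Assumed watchlist of clock sources; the report's timing signature needs one of these.
CLOCK_APIS = {"timeGetTime", "GetTickCount", "GetTickCount64",
              "QueryPerformanceCounter", "GetSystemTimeAsFileTime"}


@dataclass
class ApiCall:
    name: str
    module: str
    args: str
    ref: str                            # call-site address in the dump
    subcall_of: Optional[str] = None    # set when the call sits in a callee


@dataclass
class FunctionRecord:
    apis: List[ApiCall] = field(default_factory=list)
    fields: dict = field(default_factory=dict)   # "Key": "value" bullets

    @property
    def instruction_fuzzy_hash(self) -> str:
        return self.fields.get("Instruction Fuzzy Hash", "")


def parse_records(text: str) -> List[FunctionRecord]:
    """Split the plugin output into one FunctionRecord per 'APIs' header."""
    records: List[FunctionRecord] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTIONS:
            section = line
            if line == "APIs":           # every record opens with its API list
                records.append(FunctionRecord())
            continue
        if not records:                  # bullets before the first header (truncated record)
            continue
        body = line.lstrip("•").strip()
        rec = records[-1]
        if section == "APIs":
            m = API_RE.match(body)
            if m:
                rec.apis.append(ApiCall(m["name"], m["module"], m["args"] or "",
                                        m["ref"], m["sub"]))
        else:
            key, _, value = body.partition(":")   # first colon only: values contain colons
            rec.fields[key.strip()] = value.strip()
    return records


def timing_functions(records: List[FunctionRecord]) -> List[Tuple[str, List[str]]]:
    """(instruction fuzzy hash, sorted API names) for functions that read a clock,
    directly or through a subcall. The hash is the value to pivot on elsewhere."""
    hits = []
    for rec in records:
        names = sorted({a.name for a in rec.apis})
        if CLOCK_APIS.intersection(names):
            hits.append((rec.instruction_fuzzy_hash, names))
    return hits


if __name__ == "__main__":
    for fuzzy, names in timing_functions(parse_records(SAMPLE)):
        print(fuzzy, ", ".join(names))
```

Running it on the sample prints the instruction fuzzy hash of the timeGetTime/GetInputState/Sleep function together with its API names; the GetComputerNameW record is parsed but not flagged, since it reads no clock. Feed it the whole function listing of a report and the output is the set of hashes to search for in other sandbox runs of the same family.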
APIs
• __Init_thread_footer.LIBCMT ref: 008BBB4E
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1385522511-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: f6cc0df80d8657da3f9629dfa6e52e114ce973497af67fa25559b76d131fe307
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 3ef7c1f42bf4129879e07b0eaa1cbbe9c4b9203f62e931e15017c327c6297dee
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f6cc0df80d8657da3f9629dfa6e52e114ce973497af67fa25559b76d131fe307
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CD329C30A042099FDB24DF58C894BBEBBB9FF84354F14806AE916AB391D7B4ED41CB51
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008B4E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,008B4EDD,?,00981418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 008B4E9C
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008B4E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 008B4EAE
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008B4E90: FreeLibrary.KERNEL32(00000000,?,?,008B4EDD,?,00981418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 008B4EC0
                                                                                                                                                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(?,00000000,00000002,?,00981418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 008B4EFD
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008B4E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,008F3CDE,?,00981418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 008B4E62
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008B4E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 008B4E74
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008B4E59: FreeLibrary.KERNEL32(00000000,?,?,008F3CDE,?,00981418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 008B4E87
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Library$Load$AddressFreeProc
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2632591731-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: e71ce68141ed9dda380c2f2518a4e20495e5cc7256143bbd24196d4cf81b06f3
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 59c8a846e69b1788a8a265693a114bf289fc72b700d4f30c1b9f576b8a8284cf
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e71ce68141ed9dda380c2f2518a4e20495e5cc7256143bbd24196d4cf81b06f3
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1B119132650205AADB14BB68DC03FED77A5FF40B14F108429F542EB3D2EEB0EA459B51
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: __wsopen_s
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3347428461-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: e08769d5204cb8350298848331b9f07089472169ada3ec03811a2bb8339e55f8
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: e8788a9a9a403141ef316d0fc09ce642d6affc7c69f443db2f6b61f7864fb4b9
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e08769d5204cb8350298848331b9f07089472169ada3ec03811a2bb8339e55f8
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5911367190410AEFCB05DF59E94099E7BF8FF49314F104059F808EB352DA30DA118BA5
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008E4C7D: RtlAllocateHeap.NTDLL(00000008,008B1129,00000000,?,008E2E29,00000001,00000364,?,?,?,008DF2DE,008E3863,00981444,?,008CFDF5,?), ref: 008E4CBE
                                                                                                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 008E506C
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: AllocateHeap_free
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 614378929-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
• Instruction ID: 76e7e844c93849078b8eaf4a2f8868d204b3f2419b8aeadf6953c26336e0b438
• Opcode Fuzzy Hash: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
• Instruction Fuzzy Hash: 08012B72204B446BE321CE6A9845A5AFBECFB86374F25051DF594C32C0E670A805C675
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
• Instruction ID: 8d1a920ca49d1a042beac258678cc79a70a6396030cd7f274634b8fb385fc65a
• Opcode Fuzzy Hash: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
• Instruction Fuzzy Hash: D1F0D132510A14A6C6313A6EAC05B5A3798FF63338F10071AF825DA3D2DA74E802C6A6
APIs
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: _wcslen
• String ID:
• API String ID: 176396367-0
• Opcode ID: adafec5abc8015c7044a09e001c359287384851bfa8f5e3c1cb68c0661a74ac0
• Instruction ID: c4c022400ac04f74744cebf08c2e5862592807476df646392448376ad46417e4
• Opcode Fuzzy Hash: adafec5abc8015c7044a09e001c359287384851bfa8f5e3c1cb68c0661a74ac0
• Instruction Fuzzy Hash: 07F0A9725006046FD7245F29D806F97BB94FF44760F10852AF719CB2D1DB31E51086A0
APIs
• RtlAllocateHeap.NTDLL(00000008,008B1129,00000000,?,008E2E29,00000001,00000364,?,?,?,008DF2DE,008E3863,00981444,?,008CFDF5,?), ref: 008E4CBE
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
• Opcode ID: a07f8191532b4d310ca61d8b665d1adb9ae62b6ce848762e6b6e1f5a99585edf
• Instruction ID: cdae064985a36519f3c4ea612694ceaff29a69fb3f57e42b532aa91efcecd44b
• Opcode Fuzzy Hash: a07f8191532b4d310ca61d8b665d1adb9ae62b6ce848762e6b6e1f5a99585edf
• Instruction Fuzzy Hash: 83F0E9316072A477DB215F679C05F5A3788FF437B0B346212B81EE7691CA70D80196E1
APIs
• RtlAllocateHeap.NTDLL(00000000,?,00981444,?,008CFDF5,?,?,008BA976,00000010,00981440,008B13FC,?,008B13C6,?,008B1129), ref: 008E3852
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
• Opcode ID: b3e7dac2fe6afa7ee879455f727dfdc02629407dfd63165d51adfc1af6291ca0
• Instruction ID: c3cfa678be5d12cb00851ec96fc2be628b938ca13c1f72887f2ee36ffa0e961a
• Opcode Fuzzy Hash: b3e7dac2fe6afa7ee879455f727dfdc02629407dfd63165d51adfc1af6291ca0
• Instruction Fuzzy Hash: 66E0ED311052B8ABE6312AAB9C09B9A3748FB837B0F050232BC15D3691CB60DE0192E2
APIs
• FreeLibrary.KERNEL32(?,?,00981418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 008B4F6D
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: FreeLibrary
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3664257935-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: b007af9682c2ee1ee2260fcc6eff6745f1eb704415a09c6e65c2f0ff24de6140
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: dd7957db6bfdebb324a5f239f987d91688ca16cf29f9b9ecb00c4b882e94a989
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b007af9682c2ee1ee2260fcc6eff6745f1eb704415a09c6e65c2f0ff24de6140
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 49F01C71505752CFDB349F64D491862B7E4FF14319310996EE1DAC3712CB31A844DF10
APIs
• IsWindow.USER32(00000000), ref: 00942A66
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: Window
• String ID:
• API String ID: 2353593579-0
• Opcode ID: b82477b25cfc3ebab5ca4749f09b6f4f3846933ee93c1dfe29907fa96ffe3401
• Instruction ID: 579a43c9f5037f91def7af879f0ce74c0a7708684ded6ced02299fe882a4ef9e
• Opcode Fuzzy Hash: b82477b25cfc3ebab5ca4749f09b6f4f3846933ee93c1dfe29907fa96ffe3401
• Instruction Fuzzy Hash: B9E0DF3636422AAAC714EB30EC84DFA735CFBA03917004836BC26C3140EB349A9282A0
APIs
• Shell_NotifyIconW.SHELL32(00000002,?), ref: 008B314E
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: IconNotifyShell_
• String ID:
• API String ID: 1144537725-0
• Opcode ID: 10568264003dce203dd91636a6d8e9affae6c7b210480cbcd84a75665603dd3b
• Instruction ID: 62e99c5f04a46529c5288d38851501a2cae61cf0394555d43a88a9a8b4e7536c
• Opcode Fuzzy Hash: 10568264003dce203dd91636a6d8e9affae6c7b210480cbcd84a75665603dd3b
• Instruction Fuzzy Hash: FEF037709243149FE7569B24DC467D57BBCB701708F0001E6A548D6391D7745789DF51
APIs
• GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 008B2DC4
  • Part of subcall function 008B6B57: _wcslen.LIBCMT ref: 008B6B6A
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: LongNamePath_wcslen
• String ID:
• API String ID: 541455249-0
• Opcode ID: b61eb366f310654ce7a6d6c6ed155d786e52718514f946f07d353827a687f8c2
• Instruction ID: 9b4d5fe384d81f338a34521a2d8b3c5b4406f328feeeaa4fff24a95ba717f823
• Opcode Fuzzy Hash: b61eb366f310654ce7a6d6c6ed155d786e52718514f946f07d353827a687f8c2
• Instruction Fuzzy Hash: A9E0CD766051245BCB10925C9C05FEA77EDEFC8790F040071FD09D7248D9A4ED808551
APIs
  • Part of subcall function 008B3837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 008B3908
  • Part of subcall function 008BD730: GetInputState.USER32 ref: 008BD807
• SetCurrentDirectoryW.KERNEL32(?), ref: 008B2B6B
  • Part of subcall function 008B30F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 008B314E
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: IconNotifyShell_$CurrentDirectoryInputState
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3667716007-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: d381a07e277932ddb63ac2df6b520675f667b71e69e24190af1667db7f91aa0a
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: f00ee985780d636edb202a658f2333f117b6196d6a8d4b4bbe15c6b4352774e3
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d381a07e277932ddb63ac2df6b520675f667b71e69e24190af1667db7f91aa0a
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B5E0862130424416C604BB7C98529FDA759FBD5351F40153EF142C3373DE2445464353
APIs
• SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,?), ref: 0091DF40
  • Part of subcall function 008B6B57: _wcslen.LIBCMT ref: 008B6B6A
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: FolderPath_wcslen
• String ID:
• API String ID: 2987691875-0
• Opcode ID: 92d4ea84765bd999b2626129c9137aa7054ac4b6a0fad95fee52efb631dfa3a0
• Instruction ID: a59106b7d45534f0d4c2a5bd956cc6e37edff05d1fcb750fd95ba17e0053476f
• Opcode Fuzzy Hash: 92d4ea84765bd999b2626129c9137aa7054ac4b6a0fad95fee52efb631dfa3a0
• Instruction Fuzzy Hash: B5D05EE6A002282FDF60A6749D1DDF73AACD740220F0006A0786DD3152E924ED4486B0
APIs
• CreateFileW.KERNEL32(00000000,00000000,?,008F0704,?,?,00000000,?,008F0704,00000000,0000000C), ref: 008F03B7
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: CreateFile
• String ID:
• API String ID: 823142352-0
• Opcode ID: 2a7555d43bd9e7d8b4410848e2dd832c54a45b4d4d85123f3d044fa58d503487
• Instruction ID: 1fcda24f632130f45dc50fc02f76f197a73e3d94b9ac61775277742caebd60af
• Opcode Fuzzy Hash: 2a7555d43bd9e7d8b4410848e2dd832c54a45b4d4d85123f3d044fa58d503487
• Instruction Fuzzy Hash: 35D06C3205410DBFDF028F84DD06EDA3BAAFB4C714F014000BE1856020C732E821AB90
APIs
• SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 008B1CBC
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: InfoParametersSystem
• String ID:
• API String ID: 3098949447-0
• Opcode ID: 46cc259963a02ca52271e7c0896530796c022af12c3e34cc56a0e2550589ba19
• Instruction ID: b97246f6543aa5c9fc26615d5317e4090febd8bb4651be304727aa3af6a37111
• Opcode Fuzzy Hash: 46cc259963a02ca52271e7c0896530796c022af12c3e34cc56a0e2550589ba19
• Instruction Fuzzy Hash: B1C0923A2EC304AFF3148B80FC4AF547768A348B00F048002F709A97E3C3A22820FB50
APIs
  • Part of subcall function 008C9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 008C9BB2
• DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 0094961A
• SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0094965B
• GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 0094969F
• SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 009496C9
• SendMessageW.USER32 ref: 009496F2
• GetKeyState.USER32(00000011), ref: 0094978B
• GetKeyState.USER32(00000009), ref: 00949798
• SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 009497AE
• GetKeyState.USER32(00000010), ref: 009497B8
                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 009497E9
                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32 ref: 00949810
                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001030,?,00947E95), ref: 00949918
                                                                                                                                                                                                                                                                                                                                                          • ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 0094992E
                                                                                                                                                                                                                                                                                                                                                          • ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00949941
                                                                                                                                                                                                                                                                                                                                                          • SetCapture.USER32(?), ref: 0094994A
                                                                                                                                                                                                                                                                                                                                                          • ClientToScreen.USER32(?,?), ref: 009499AF
                                                                                                                                                                                                                                                                                                                                                          • ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 009499BC
                                                                                                                                                                                                                                                                                                                                                          • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 009499D6
                                                                                                                                                                                                                                                                                                                                                          • ReleaseCapture.USER32 ref: 009499E1
                                                                                                                                                                                                                                                                                                                                                          • GetCursorPos.USER32(?), ref: 00949A19
                                                                                                                                                                                                                                                                                                                                                          • ScreenToClient.USER32(?,?), ref: 00949A26
                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001012,00000000,?), ref: 00949A80
                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32 ref: 00949AAE
                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001111,00000000,?), ref: 00949AEB
                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32 ref: 00949B1A
                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00949B3B
                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000110B,00000009,?), ref: 00949B4A
                                                                                                                                                                                                                                                                                                                                                          • GetCursorPos.USER32(?), ref: 00949B68
                                                                                                                                                                                                                                                                                                                                                          • ScreenToClient.USER32(?,?), ref: 00949B75
                                                                                                                                                                                                                                                                                                                                                          • GetParent.USER32(?), ref: 00949B93
                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001012,00000000,?), ref: 00949BFA
                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32 ref: 00949C2B
                                                                                                                                                                                                                                                                                                                                                          • ClientToScreen.USER32(?,?), ref: 00949C84
                                                                                                                                                                                                                                                                                                                                                          • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00949CB4
                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001111,00000000,?), ref: 00949CDE
                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32 ref: 00949D01
                                                                                                                                                                                                                                                                                                                                                          • ClientToScreen.USER32(?,?), ref: 00949D4E
                                                                                                                                                                                                                                                                                                                                                          • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00949D82
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008C9944: GetWindowLongW.USER32(?,000000EB), ref: 008C9952
                                                                                                                                                                                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000F0), ref: 00949E05
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
                                                                                                                                                                                                                                                                                                                                                          • String ID: @GUI_DRAGID$F
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3429851547-4164748364
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: a63ca27ecd56b516c5ba17563c649f30343798a49ed8111fe4b0d55c3766313b
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: d4564b17e7f950c3d85434ae5cfff463d6a7ce21e0bfedd48593cb3d975eeb5a
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a63ca27ecd56b516c5ba17563c649f30343798a49ed8111fe4b0d55c3766313b
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B242AD74218201AFDB24CF28CC44EABBBE9FF49314F114A19FA99872A1D731E850DF52
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 009448F3
                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 00944908
                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 00944927
                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000148,00000000,00000000), ref: 0094494B
                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 0094495C
                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 0094497B
                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 009449AE
                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 009449D4
                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 00944A0F
                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00944A56
                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00944A7E
                                                                                                                                                                                                                                                                                                                                                          • IsMenu.USER32(?), ref: 00944A97
                                                                                                                                                                                                                                                                                                                                                          • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00944AF2
                                                                                                                                                                                                                                                                                                                                                          • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00944B20
                                                                                                                                                                                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000F0), ref: 00944B94
                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 00944BE3
                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00001001,00000000,?), ref: 00944C82
                                                                                                                                                                                                                                                                                                                                                          • wsprintfW.USER32 ref: 00944CAE
• SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00944CC9
• GetWindowTextW.USER32(?,00000000,00000001), ref: 00944CF1
• SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00944D13
• SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00944D33
• GetWindowTextW.USER32(?,00000000,00000001), ref: 00944D5A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
• String ID: %d/%02d/%02d
• API String ID: 4054740463-328681919
• Opcode ID: 7d7e7f5e4f772d784c2d76df905b85f48d2b914755b8bbbd1afb344b064c38b7
• Instruction ID: f549c6bf27f7b2cfff19ee40429213ed6b4edcc44220811d8ef8d77c3613df25
• Opcode Fuzzy Hash: 7d7e7f5e4f772d784c2d76df905b85f48d2b914755b8bbbd1afb344b064c38b7
• Instruction Fuzzy Hash: EF12DC71A00215AFEB248F28CC49FAE7BF8FF85710F104569F916EA2E1DB789941DB50
APIs
• GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 008CF998
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0090F474
• IsIconic.USER32(00000000), ref: 0090F47D
• ShowWindow.USER32(00000000,00000009), ref: 0090F48A
• SetForegroundWindow.USER32(00000000), ref: 0090F494
• GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0090F4AA
• GetCurrentThreadId.KERNEL32 ref: 0090F4B1
• GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0090F4BD
• AttachThreadInput.USER32(?,00000000,00000001), ref: 0090F4CE
• AttachThreadInput.USER32(?,00000000,00000001), ref: 0090F4D6
• AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 0090F4DE
• SetForegroundWindow.USER32(00000000), ref: 0090F4E1
• MapVirtualKeyW.USER32(00000012,00000000), ref: 0090F4F6
• keybd_event.USER32(00000012,00000000), ref: 0090F501
• MapVirtualKeyW.USER32(00000012,00000000), ref: 0090F50B
• keybd_event.USER32(00000012,00000000), ref: 0090F510
• MapVirtualKeyW.USER32(00000012,00000000), ref: 0090F519
• keybd_event.USER32(00000012,00000000), ref: 0090F51E
• MapVirtualKeyW.USER32(00000012,00000000), ref: 0090F528
• keybd_event.USER32(00000012,00000000), ref: 0090F52D
• SetForegroundWindow.USER32(00000000), ref: 0090F530
• AttachThreadInput.USER32(?,000000FF,00000000), ref: 0090F557
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
• String ID: Shell_TrayWnd
• API String ID: 4125248594-2988720461
• Opcode ID: d348a1a0c7abafc793a0e0308babb2d1b32276b1cc00d3be1eb3996c1cd876df
• Instruction ID: d8c7b15feed0c08932a4c42983af364bcf1d12e02ffd011180f9fe50eec03f3b
• Opcode Fuzzy Hash: d348a1a0c7abafc793a0e0308babb2d1b32276b1cc00d3be1eb3996c1cd876df
• Instruction Fuzzy Hash: 553170B5A55318BFEB306BB55C4AFBF7E6CEB45B50F100025FA00E61D1C6B06E00BAA0
APIs
  • Part of subcall function 009116C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0091170D
  • Part of subcall function 009116C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0091173A
  • Part of subcall function 009116C3: GetLastError.KERNEL32 ref: 0091174A
• LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00911286
• DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 009112A8
• CloseHandle.KERNEL32(?), ref: 009112B9
• OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 009112D1
• GetProcessWindowStation.USER32 ref: 009112EA
• SetProcessWindowStation.USER32(00000000), ref: 009112F4
• OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00911310
  • Part of subcall function 009110BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,009111FC), ref: 009110D4
  • Part of subcall function 009110BF: CloseHandle.KERNEL32(?,?,009111FC), ref: 009110E9
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
                                                                                                                                                                                                                                                                                                                                                          • String ID: $default$winsta0
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 22674027-1027155976
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 28276ec050a8a2c3fa97b087765ff46ffb1ce29cd4cde6bb895cf66f48a108e7
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 968c1cee2c28132bbd7977ac20f826cc55458fef830c09cb39d1b17342aab0c0
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 28276ec050a8a2c3fa97b087765ff46ffb1ce29cd4cde6bb895cf66f48a108e7
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BE818DB1A00209BFDF219FA4DC49FEE7BBDEF05704F144129FA10A62A0D7718984DB25
APIs
  • Part of subcall function 009110F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00911114
  • Part of subcall function 009110F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00910B9B,?,?,?), ref: 00911120
  • Part of subcall function 009110F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00910B9B,?,?,?), ref: 0091112F
  • Part of subcall function 009110F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00910B9B,?,?,?), ref: 00911136
  • Part of subcall function 009110F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0091114D
• GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00910BCC
• GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00910C00
• GetLengthSid.ADVAPI32(?), ref: 00910C17
• GetAce.ADVAPI32(?,00000000,?), ref: 00910C51
• AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00910C6D
• GetLengthSid.ADVAPI32(?), ref: 00910C84
• GetProcessHeap.KERNEL32(00000008,00000008), ref: 00910C8C
• HeapAlloc.KERNEL32(00000000), ref: 00910C93
• GetLengthSid.ADVAPI32(?,00000008,?), ref: 00910CB4
• CopySid.ADVAPI32(00000000), ref: 00910CBB
• AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00910CEA
• SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00910D0C
• SetUserObjectSecurity.USER32(?,00000004,?), ref: 00910D1E
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00910D45
• HeapFree.KERNEL32(00000000), ref: 00910D4C
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00910D55
• HeapFree.KERNEL32(00000000), ref: 00910D5C
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00910D65
• HeapFree.KERNEL32(00000000), ref: 00910D6C
• GetProcessHeap.KERNEL32(00000000,?), ref: 00910D78
• HeapFree.KERNEL32(00000000), ref: 00910D7F
  • Part of subcall function 00911193: GetProcessHeap.KERNEL32(00000008,00910BB1,?,00000000,?,00910BB1,?), ref: 009111A1
  • Part of subcall function 00911193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00910BB1,?), ref: 009111A8
  • Part of subcall function 00911193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00910BB1,?), ref: 009111B7
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
• String ID:
• API String ID: 4175595110-0
• Opcode ID: 80b46e92f3ded57d6b17de3162b22441b8d23444e587f34a8adbe36d08f0f894
• Instruction ID: 5f689df02076ac5296f69166dd708e17062fcba848d97073b79e2bcbb978e1c6
• Opcode Fuzzy Hash: 80b46e92f3ded57d6b17de3162b22441b8d23444e587f34a8adbe36d08f0f894
• Instruction Fuzzy Hash: BE715CB9A0520AAFDF10DFA4EC45FEEBBBCBF45300F044515E914A7191D7B2A985CBA0
APIs
• OpenClipboard.USER32(0094CC08), ref: 0092EB29
• IsClipboardFormatAvailable.USER32(0000000D), ref: 0092EB37
• GetClipboardData.USER32(0000000D), ref: 0092EB43
• CloseClipboard.USER32 ref: 0092EB4F
• GlobalLock.KERNEL32(00000000), ref: 0092EB87
• CloseClipboard.USER32 ref: 0092EB91
• GlobalUnlock.KERNEL32(00000000), ref: 0092EBBC
• IsClipboardFormatAvailable.USER32(00000001), ref: 0092EBC9
• GetClipboardData.USER32(00000001), ref: 0092EBD1
• GlobalLock.KERNEL32(00000000), ref: 0092EBE2
• GlobalUnlock.KERNEL32(00000000), ref: 0092EC22
• IsClipboardFormatAvailable.USER32(0000000F), ref: 0092EC38
• GetClipboardData.USER32(0000000F), ref: 0092EC44
• GlobalLock.KERNEL32(00000000), ref: 0092EC55
• DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 0092EC77
• DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0092EC94
• DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0092ECD2
• GlobalUnlock.KERNEL32(00000000), ref: 0092ECF3
• CountClipboardFormats.USER32 ref: 0092ED14
• CloseClipboard.USER32 ref: 0092ED59
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
• String ID:
• API String ID: 420908878-0
• Opcode ID: 198a3c94111acbf8cae0ec35508cd2bd1ea3f3f1a46dda2e3a5052c3d35d0edb
• Instruction ID: 57aa39cb1f3500c51c729f7acb39c48c23c65243c15d1890f31898b7a2880ffc
• Opcode Fuzzy Hash: 198a3c94111acbf8cae0ec35508cd2bd1ea3f3f1a46dda2e3a5052c3d35d0edb
• Instruction Fuzzy Hash: BB61EF78208202AFD300EF24E888F6A7BE8FF85714F184519F496C72A6DB71DD05DB62
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 009269BE
• FindClose.KERNEL32(00000000), ref: 00926A12
• FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00926A4E
• FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00926A75
  • Part of subcall function 008B9CB3: _wcslen.LIBCMT ref: 008B9CBD
• FileTimeToSystemTime.KERNEL32(?,?), ref: 00926AB2
• FileTimeToSystemTime.KERNEL32(?,?), ref: 00926ADF
Strings
Similarity
• API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
• String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
• API String ID: 3830820486-3289030164
• Opcode ID: 89036e3d1ca29c5b26b89f8daa4b6a5120282676e637c2d296bc06d262b2c84b
• Instruction ID: 9f43f377d31d77c3c8ae8709224b2a7f0a5ed988f2db1f8f1783cb86c56d9032
• Opcode Fuzzy Hash: 89036e3d1ca29c5b26b89f8daa4b6a5120282676e637c2d296bc06d262b2c84b
• Instruction Fuzzy Hash: 78D11F72508300AEC714EBA4D891EABB7ECFF88704F44491DF589D6291EB74DA44CB63
APIs
• FindFirstFileW.KERNEL32(?,?,771A8FB0,?,00000000), ref: 00929663
• GetFileAttributesW.KERNEL32(?), ref: 009296A1
• SetFileAttributesW.KERNEL32(?,?), ref: 009296BB
• FindNextFileW.KERNEL32(00000000,?), ref: 009296D3
• FindClose.KERNEL32(00000000), ref: 009296DE
• FindFirstFileW.KERNEL32(*.*,?), ref: 009296FA
• SetCurrentDirectoryW.KERNEL32(?), ref: 0092974A
• SetCurrentDirectoryW.KERNEL32(00976B7C), ref: 00929768
• FindNextFileW.KERNEL32(00000000,00000010), ref: 00929772
• FindClose.KERNEL32(00000000), ref: 0092977F
• FindClose.KERNEL32(00000000), ref: 0092978F
Strings
Similarity
• API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
• String ID: *.*
• API String ID: 1409584000-438819550
• Opcode ID: 407b8e2e542505fb856b12b141974cceff9e086ef6745824c8fe3ea4957fb70a
• Instruction ID: c88057ce312c12cb0d547e03dc3e9f10c95ead2afffb6b540b6619610e9d3b5a
• Opcode Fuzzy Hash: 407b8e2e542505fb856b12b141974cceff9e086ef6745824c8fe3ea4957fb70a
• Instruction Fuzzy Hash: B93102765056296FDF20EFB4EC48EDE37ACAF4A324F104156F914E21A0DB70DE848E64
APIs
• FindFirstFileW.KERNEL32(?,?,771A8FB0,?,00000000), ref: 009297BE
• FindNextFileW.KERNEL32(00000000,?), ref: 00929819
• FindClose.KERNEL32(00000000), ref: 00929824
• FindFirstFileW.KERNEL32(*.*,?), ref: 00929840
• SetCurrentDirectoryW.KERNEL32(?), ref: 00929890
• SetCurrentDirectoryW.KERNEL32(00976B7C), ref: 009298AE
• FindNextFileW.KERNEL32(00000000,00000010), ref: 009298B8
• FindClose.KERNEL32(00000000), ref: 009298C5
                                                                                                                                                                                                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 009298D5
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0091DAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 0091DB00
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                                                                                                                                                                                                                                                                                                                          • String ID: *.*
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2640511053-438819550
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 6c37c53f2682cc1e60dd28979c5648b8b067ae214922129c1ae577f6bd1d61d0
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 87d02726576503d17af3004c96ae115c839b07a1fdb2f606170ce3cbd79571aa
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6c37c53f2682cc1e60dd28979c5648b8b067ae214922129c1ae577f6bd1d61d0
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8231F4725056296FDB14EFB4EC48EDE37BCEF46324F184156E814E2194DB70D944CA20
APIs
  • Part of subcall function 008B3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,008B3A97,?,?,008B2E7F,?,?,?,00000000), ref: 008B3AC2
  • Part of subcall function 0091E199: GetFileAttributesW.KERNEL32(?,0091CF95), ref: 0091E19A
• FindFirstFileW.KERNEL32(?,?), ref: 0091D122
• DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 0091D1DD
• MoveFileW.KERNEL32(?,?), ref: 0091D1F0
• DeleteFileW.KERNEL32(?,?,?,?), ref: 0091D20D
• FindNextFileW.KERNEL32(00000000,00000010), ref: 0091D237
  • Part of subcall function 0091D29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,0091D21C,?,?), ref: 0091D2B2
• FindClose.KERNEL32(00000000,?,?,?), ref: 0091D253
• FindClose.KERNEL32(00000000), ref: 0091D264
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
• String ID: \*.*
• API String ID: 1946585618-1173974218
• Opcode ID: 85b5d6b70cc6595d83cbf03ec8ae52f495cb972cb99e94c4f9b30a0579f8bf90
• Instruction ID: 08fc6620f44141a159f92431e9dded334ec77b408447a6f366c99ed10bf78390
• Opcode Fuzzy Hash: 85b5d6b70cc6595d83cbf03ec8ae52f495cb972cb99e94c4f9b30a0579f8bf90
• Instruction Fuzzy Hash: D6617C3190610DAFCF05EBA4C9929EDBBB9FF55300F204065E412B3292EB30AF49DB61
APIs
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: Clipboard$AllocCloseEmptyGlobalOpen
• String ID:
• API String ID: 1737998785-0
• Opcode ID: 0a62561796f4ca623414cd5a861d77c70207998044d34870ee9bc53e7f26bdf1
• Instruction ID: 8a214ba76b2c739ced84c0a210d6d5a4974f4abf8ecdf6cced4cf59f991a6887
• Opcode Fuzzy Hash: 0a62561796f4ca623414cd5a861d77c70207998044d34870ee9bc53e7f26bdf1
• Instruction Fuzzy Hash: A0411375208221AFD320CF15E888F29BBE4FF44318F15C099E4168B7A2C775EC41CB90
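The per-function listings in this report all share one shape: an APIs list of `Api.MODULE(args), ref: address` lines (some marked as reached through a subcall), then a Similarity block whose API ID is a `$`-grouped digest of tokens taken from the call names. The Python below is an added triage example, not part of this report and not Joe Sandbox code: it parses entries of that shape and tags the behaviours a responder scans for here (directory walk, delete/move/copy of files, clipboard access, token-privilege adjustment followed by ExitWindowsEx). The sample text is constructed from the call lines and API IDs of four entries on this page, including the ExitWindowsEx entry that follows this one; the token-based rules are this example's own heuristic and are deliberately coarse.

```python
"""Parse Joe Sandbox per-function 'APIs' / 'Similarity' listings and tag behaviours.
Added triage example, not Joe Sandbox code; the RULES are this example's own
name-token heuristic, meant to surface the few interesting functions among thousands."""
import re
from dataclasses import dataclass, field
from typing import Optional

# "• Api.MODULE(args), ref: ADDR" or "• Part of subcall function ADDR: Api.MODULE(args), ref: ADDR".
# GetLastError is listed without an argument list, so the parentheses are optional.
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<module>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)
FIELD_LINE = re.compile(r"^\s*•\s*(?P<key>[A-Za-z ]+?):\s*(?P<val>.*?)\s*$")
KEEP_FIELDS = {"API ID", "String ID", "API String ID", "Opcode ID"}
CAMEL = re.compile(r"[A-Z][a-z]*")  # FindFirstFileW -> Find, First, File, W

# A tag applies when every token in its set occurs somewhere in the function's call names.
RULES = {
    "enumerates-directory": {"Find", "First", "Next", "File"},
    "deletes-files": {"Delete", "File"},
    "moves-files": {"Move", "File"},
    "copies-files": {"Copy", "File"},
    "touches-clipboard": {"Clipboard"},
    "adjusts-token-privileges": {"Adjust", "Token", "Privileges"},
    "calls-ExitWindowsEx": {"Exit", "Windows"},
}


@dataclass
class ApiCall:
    api: str
    module: str
    args: list
    ref: str
    subcall: Optional[str] = None  # callee address when the call is reached through a subcall


@dataclass
class FunctionEntry:
    calls: list = field(default_factory=list)
    fields: dict = field(default_factory=dict)

    def tokens(self) -> set:
        """Name tokens from the listed calls plus the '$'-grouped API ID, which the
        report still fills in when the per-call list is empty (the clipboard entry)."""
        toks = set()
        for c in self.calls:
            toks.update(CAMEL.findall(c.api))
        for group in self.fields.get("API ID", "").split("$"):
            toks.update(CAMEL.findall(group))
        return toks

    def tags(self) -> list:
        toks = self.tokens()
        return [tag for tag, need in RULES.items() if need <= toks]


def parse_entries(text: str) -> list:
    """Split report text into FunctionEntry objects; each starts at an 'APIs' heading."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            entries.append(FunctionEntry())
            continue
        if not entries:
            continue
        m = API_LINE.match(line)
        if m:
            args = [a for a in (m["args"] or "").split(",") if a]
            entries[-1].calls.append(ApiCall(m["api"], m["module"], args, m["ref"], m["sub"]))
            continue
        m = FIELD_LINE.match(line)
        if m and m["key"] in KEEP_FIELDS:
            entries[-1].fields[m["key"]] = m["val"]
    return entries


# Constructed sample: call lines and API IDs of four entries listed in this report.
SAMPLE = """\
APIs
• FindFirstFileW.KERNEL32(?,?,771A8FB0,?,00000000), ref: 009297BE
• FindNextFileW.KERNEL32(00000000,?), ref: 00929819
• FindFirstFileW.KERNEL32(*.*,?), ref: 00929840
  • Part of subcall function 0091DAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 0091DB00
Similarity
• API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
• String ID: *.*
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 0091D122
• DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 0091D1DD
• MoveFileW.KERNEL32(?,?), ref: 0091D1F0
• FindNextFileW.KERNEL32(00000000,00000010), ref: 0091D237
  • Part of subcall function 0091D29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,0091D21C,?,?), ref: 0091D2B2
Similarity
• API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
• String ID: \\*.*
APIs
Similarity
• API ID: Clipboard$AllocCloseEmptyGlobalOpen
• String ID:
APIs
  • Part of subcall function 009116C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0091170D
  • Part of subcall function 009116C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0091173A
  • Part of subcall function 009116C3: GetLastError.KERNEL32 ref: 0091174A
• ExitWindowsEx.USER32(?,00000000), ref: 0091E932
"""

if __name__ == "__main__":
    for i, e in enumerate(parse_entries(SAMPLE)):
        print(i, len(e.calls), "calls", e.tags())
```

Run it against a saved copy of the report text instead of SAMPLE to get one tag list per function; the clipboard entry shows why the API ID is parsed as well as the call lines, since its APIs list is empty in this report while the Similarity digest still names the clipboard calls. The token rules will over-match on unrelated APIs that share a word (DeleteObject, for example), so treat the tags as a worklist for manual review, not as a verdict.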
APIs
  • Part of subcall function 009116C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0091170D
  • Part of subcall function 009116C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0091173A
  • Part of subcall function 009116C3: GetLastError.KERNEL32 ref: 0091174A
• ExitWindowsEx.USER32(?,00000000), ref: 0091E932
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
• String ID: $ $@$SeShutdownPrivilege
• API String ID: 2234035333-3163812486
• Opcode ID: d4437b84336e8abb937c3bb7500631c3abb398a4bd66a9d503a9f538a55e95da
• Instruction ID: af1d33d0b4d01cf6cc723ad2a8eee118b232d9e1b9d5b422ae03f7c7973e724c
• Opcode Fuzzy Hash: d4437b84336e8abb937c3bb7500631c3abb398a4bd66a9d503a9f538a55e95da
• Instruction Fuzzy Hash: 14014973B24319BFEB5422B49C86FFF725C9B08780F140822FD13E21D1D5A55CC081A0
APIs
• socket.WSOCK32(00000002,00000001,00000006), ref: 00931276
• WSAGetLastError.WSOCK32 ref: 00931283
• bind.WSOCK32(00000000,?,00000010), ref: 009312BA
• WSAGetLastError.WSOCK32 ref: 009312C5
• closesocket.WSOCK32(00000000), ref: 009312F4
• listen.WSOCK32(00000000,00000005), ref: 00931303
• WSAGetLastError.WSOCK32 ref: 0093130D
• closesocket.WSOCK32(00000000), ref: 0093133C
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: ErrorLast$closesocket$bindlistensocket
• String ID:
• API String ID: 540024437-0
• Opcode ID: 8ca03fb49769958f702caa7edde53eba8b3de618c528822432ced10d94b3f17d
• Instruction ID: 9ff4e9a53e7685cf88cb2ebb2c2effcf4fd3502374ae26dc341503570aee4d5c
• Opcode Fuzzy Hash: 8ca03fb49769958f702caa7edde53eba8b3de618c528822432ced10d94b3f17d
• Instruction Fuzzy Hash: 57415F756001109FD710DF68C489B6ABBE5FF86318F188198E8669F3A6C771ED81CFA1
APIs
• _free.LIBCMT ref: 008EB9D4
• _free.LIBCMT ref: 008EB9F8
• _free.LIBCMT ref: 008EBB7F
• GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00953700), ref: 008EBB91
• WideCharToMultiByte.KERNEL32(00000000,00000000,0098121C,000000FF,00000000,0000003F,00000000,?,?), ref: 008EBC09
• WideCharToMultiByte.KERNEL32(00000000,00000000,00981270,000000FF,?,0000003F,00000000,?), ref: 008EBC36
• _free.LIBCMT ref: 008EBD4B
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: _free$ByteCharMultiWide$InformationTimeZone
• String ID:
• API String ID: 314583886-0
• Opcode ID: 3b184f8e03d0e08b33a4afe33f8648762583789f44814e287edf4aef2ee05b16
• Instruction ID: 7f16bf76c31ce5ab66aac105b1eb78ff12be2562b5c2aa03558a70b1f2de7a66
• Opcode Fuzzy Hash: 3b184f8e03d0e08b33a4afe33f8648762583789f44814e287edf4aef2ee05b16
• Instruction Fuzzy Hash: F5C12971904299AFCB20DF7A9C41BAB7BF9FF47320F14416AE494D7252E7309E418751
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008B3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,008B3A97,?,?,008B2E7F,?,?,?,00000000), ref: 008B3AC2
  • Part of subcall function 0091E199: GetFileAttributesW.KERNEL32(?,0091CF95), ref: 0091E19A
• FindFirstFileW.KERNEL32(?,?), ref: 0091D420
• DeleteFileW.KERNEL32(?,?,?,?), ref: 0091D470
• FindNextFileW.KERNEL32(00000000,00000010), ref: 0091D481
• FindClose.KERNEL32(00000000), ref: 0091D498
• FindClose.KERNEL32(00000000), ref: 0091D4A1
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
• String ID: \*.*
• API String ID: 2649000838-1173974218
APIs
Strings
Similarity
• API ID: __floor_pentium4
• String ID: 1#IND$1#INF$1#QNAN$1#SNAN
• API String ID: 4168288129-2761157908
APIs
• _wcslen.LIBCMT ref: 009264DC
• CoInitialize.OLE32(00000000), ref: 00926639
• CoCreateInstance.OLE32(0094FCF8,00000000,00000001,0094FB68,?), ref: 00926650
• CoUninitialize.OLE32 ref: 009268D4
Strings
Similarity
• API ID: CreateInitializeInstanceUninitialize_wcslen
• String ID: .lnk
• API String ID: 886957087-24824748
APIs
• GetForegroundWindow.USER32(?,?,00000000), ref: 009322E8
  • Part of subcall function 0092E4EC: GetWindowRect.USER32(?,?), ref: 0092E504
• GetDesktopWindow.USER32 ref: 00932312
• GetWindowRect.USER32(00000000), ref: 00932319
• mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00932355
• GetCursorPos.USER32(?), ref: 00932381
• mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 009323DF
Similarity
• API ID: Window$Rectmouse_event$CursorDesktopForeground
• String ID:
• API String ID: 2387181109-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: d25e6463d93fcfd58326f38f8331119546f74d65c6a54d848c67a7dff486fae8
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: a6c603ad37f056c388e185fe09b032151b91f3c8d98b36192348aa6ba74a9013
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d25e6463d93fcfd58326f38f8331119546f74d65c6a54d848c67a7dff486fae8
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0D31EE72609319AFD720DF14D849F9BBBA9FF89710F000A19F98597191DB34EA08CB92
APIs
  • Part of subcall function 008B9CB3: _wcslen.LIBCMT ref: 008B9CBD
• FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00929B78
• FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00929C8B
  • Part of subcall function 00923874: GetInputState.USER32 ref: 009238CB
  • Part of subcall function 00923874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00923966
• Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00929BA8
• FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00929C75
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
• String ID: *.*
• API String ID: 1972594611-438819550
• Opcode ID: d0f0f65583838766a9844eadf77bde6b78957a86f0c323e65a610334404c35c8
• Instruction ID: fc4345e010ff25a5615d14b65be81d1f0ddc9063f102d929521f5dbaae739dc3
• Opcode Fuzzy Hash: d0f0f65583838766a9844eadf77bde6b78957a86f0c323e65a610334404c35c8
• Instruction Fuzzy Hash: 2741A471904219AFDF54DF64D885AEE7BF8FF45310F20415AE449A2295EB309E84CF61
APIs
  • Part of subcall function 008C9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 008C9BB2
• DefDlgProcW.USER32(?,?,?,?,?), ref: 008C9A4E
• GetSysColor.USER32(0000000F), ref: 008C9B23
• SetBkColor.GDI32(?,00000000), ref: 008C9B36
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: Color$LongProcWindow
• String ID:
• API String ID: 3131106179-0
• Opcode ID: ce937752ea2d772e66f8c8f2635bfbfadb298874be07059f1f9d5c820abf4662
• Instruction ID: 62ac7a45a8c3cbfe0adada56f120cb02986f97c8e7ec7711bf3a2b447ea097a7
• Opcode Fuzzy Hash: ce937752ea2d772e66f8c8f2635bfbfadb298874be07059f1f9d5c820abf4662
• Instruction Fuzzy Hash: B2A13971508428BEE728AA6C9C4DF7B66BDFB82364F14418DF482D66D1CA36ED01D372
APIs
  • Part of subcall function 0093304E: inet_addr.WSOCK32(?), ref: 0093307A
  • Part of subcall function 0093304E: _wcslen.LIBCMT ref: 0093309B
• socket.WSOCK32(00000002,00000002,00000011), ref: 0093185D
• WSAGetLastError.WSOCK32 ref: 00931884
• bind.WSOCK32(00000000,?,00000010), ref: 009318DB
• WSAGetLastError.WSOCK32 ref: 009318E6
• closesocket.WSOCK32(00000000), ref: 00931915
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
• String ID:
• API String ID: 1601658205-0
• Opcode ID: b952312e760681fa9011dc7b0fecd4f9b9e64e8c994836fef771972880c3a699
• Instruction ID: 594a426810aaa58dc648c485ca524cd361a285c4e6697f565d692bfb58831fda
• Opcode Fuzzy Hash: b952312e760681fa9011dc7b0fecd4f9b9e64e8c994836fef771972880c3a699
• Instruction Fuzzy Hash: 6251B575A002109FDB10AF28C886F6A77E5EB45718F08849CF9059F3D3DB75ED418BA2
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 292994002-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: ef1dd5eee1f601a91cb33ab3c0cc453ad094176aeddb93846e51f593d4627f24
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: ae91d9f737521ebd234298bbeb59e42224b990307b9e0c5236351d60aa49225e
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ef1dd5eee1f601a91cb33ab3c0cc453ad094176aeddb93846e51f593d4627f24
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4221D3717412015FD7208F1ADC84F6A7BE9FF85316B198058E88ACB391DB71EC82CB90
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                                                                                          • String ID: ERCP$VUUU$VUUU$VUUU$VUUU
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 0-1546025612
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: df57de3d0785051e38b85384c123b7769f138c39f5c1fc7120d5f910b95b81d5
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 4c374f38228701f86e43e4e06ddd4560b83bd10b50edf65864492b3adeb32c3c
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: df57de3d0785051e38b85384c123b7769f138c39f5c1fc7120d5f910b95b81d5
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1DA23970A0061ECBDB248F68C8547FEB7B5FB54314F2482AADA15E7385EB709D91CB90
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 0091AAAC
                                                                                                                                                                                                                                                                                                                                                          • SetKeyboardState.USER32(00000080), ref: 0091AAC8
                                                                                                                                                                                                                                                                                                                                                          • PostMessageW.USER32(?,00000102,00000001,00000001), ref: 0091AB36
                                                                                                                                                                                                                                                                                                                                                          • SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 0091AB88
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 432972143-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: c2d6956c510bfb328ead72ec118fc83b5c427e2ad7e60c2853766e2b92aec5fd
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 747a7af2cfb287ea20396beae34ca36da65ed678bc06827058cdd065bf061f75
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c2d6956c510bfb328ead72ec118fc83b5c427e2ad7e60c2853766e2b92aec5fd
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 74312770B8A28CAEFB30CA65CC05BFA7BAAAF55320F04421AF081521D1D3798DC1D762
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • InternetReadFile.WININET(?,?,00000400,?), ref: 0092CE89
                                                                                                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00000000), ref: 0092CEEA
                                                                                                                                                                                                                                                                                                                                                          • SetEvent.KERNEL32(?,?,00000000), ref: 0092CEFE
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
APIs
• lstrlenW.KERNEL32(?,?,?,00000000), ref: 009182AA
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 00925CC1
• FindNextFileW.KERNEL32(00000000,?), ref: 00925D17
• FindClose.KERNEL32(?), ref: 00925D5F
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
APIs
• IsDebuggerPresent.KERNEL32 ref: 008E271A
• SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 008E2724
• UnhandledExceptionFilter.KERNEL32(?), ref: 008E2731
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
APIs
• SetErrorMode.KERNEL32(00000001), ref: 009251DA
• GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00925238
• SetErrorMode.KERNEL32(00000000), ref: 009252A1
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 89d4567ccaf1cf7ff718ed1c7c3ebcd2bc8356f9f91fdceca407859e1317978d
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1F318F75A00518DFDB00DF54D884EEDBBB4FF49314F158099E805AB3A6DB31E845CB91
APIs
• Part of subcall function 008CFDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 008D0668
• Part of subcall function 008CFDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 008D0685
• LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0091170D
• AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0091173A
• GetLastError.KERNEL32 ref: 0091174A
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
• String ID:
• API String ID: 577356006-0
APIs
• CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 0091D608
• DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 0091D645
• CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 0091D650
APIs
• AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 0091168C
• CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 009116A1
• FreeSid.ADVAPI32(?), ref: 009116B1
Strings
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                                                                                          • String ID: /
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 0-2043925204
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 0e49c023e3b44c0b180938191c07a13dd4d718730921938e8dadb922969f898d
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 627ca5c65ecce5418d35630241ddedd40040875b8c48ccbd14d17cb248e24220
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0e49c023e3b44c0b180938191c07a13dd4d718730921938e8dadb922969f898d
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C5413B769002596FCB249FBACC49DBB7778FB86314F10426DF915D7280E6709D82CB50
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
• Instruction ID: 8e6fe5c4ec42dd8b4c45fecb763ba8a63046ec7f99a25e2f0af9b7c0f996cdde
• Opcode Fuzzy Hash: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
• Instruction Fuzzy Hash: 3B020D71E0121A9BDF14CFA9C9806ADFBF1FF48314F25826AD919E7384D731AA41CB94
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 00926918
• FindClose.KERNEL32(00000000), ref: 00926961
Similarity
• API ID: Find$CloseFileFirst
• String ID:
• API String ID: 2295610775-0
• Opcode ID: ce7cdf652ddd9ee0b2c31216af33249f46c50ec76fb887a2b64fe2462020062b
• Instruction ID: e3a302307e2a7febe5d79ba4458640c9801a39b169f46897b42068cbec571879
• Opcode Fuzzy Hash: ce7cdf652ddd9ee0b2c31216af33249f46c50ec76fb887a2b64fe2462020062b
• Instruction Fuzzy Hash: CC11D0756042109FC710CF29D484A26BBE4FF85328F04C699F4698F7A2CB70EC45CB91
APIs
• GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00934891,?,?,00000035,?), ref: 009237E4
• FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00934891,?,?,00000035,?), ref: 009237F4
Similarity
• API ID: ErrorFormatLastMessage
• String ID:
• API String ID: 3479602957-0
• Opcode ID: 0c344ca2b774cbf19a3ada3792d610c377095b63d875038a6dac06cd3d69a71c
• Instruction ID: 12a2a2135c962ed8d5dd5dfea799b5f28b2fd9830ea68d9ae3f8554d3d339b66
• Opcode Fuzzy Hash: 0c344ca2b774cbf19a3ada3792d610c377095b63d875038a6dac06cd3d69a71c
• Instruction Fuzzy Hash: 7AF05CB06052282BDB1017755C4CFEB3A5DEFC5760F000121F104D2280C9608900C7B0
APIs
• SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 0091B25D
• keybd_event.USER32(?,75A4C0D0,?,00000000), ref: 0091B270
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: InputSendkeybd_event
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3536248340-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: c0a47c0cdba7167a6d23c49068ae4d5a809f0dd182118b1bb41af6627aebfcb7
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 533fb5e858b580f2c7426fe15bcecbaf5afd02db4967875dd388a7dbefff6309
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c0a47c0cdba7167a6d23c49068ae4d5a809f0dd182118b1bb41af6627aebfcb7
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2FF06D7590424DAFDB058FA0C805BEE7BB4FF04305F008409F961A5191C37982059F94
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,009111FC), ref: 009110D4
                                                                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,009111FC), ref: 009110E9
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: AdjustCloseHandlePrivilegesToken
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 81990902-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: b0d1cf345415b6fcba6345f64634c8675b7f89029572a3c7e738c255940284c8
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 608cdd69d9f7447bec48ea484be819966d03e1eca80150e6d0b5ac577573e5fc
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b0d1cf345415b6fcba6345f64634c8675b7f89029572a3c7e738c255940284c8
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 37E04F72019610AEF7652B15FC05F7377A9FB04310B10882DF6A6804B2DB72AC90EB10
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          • Variable is not of type 'Object'., xrefs: 00900C40
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                                                                                          • String ID: Variable is not of type 'Object'.
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 0-1840281001
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 5c43504e07f2e6595db6d474a085ef487ee6e0ac3c92ef1c875d02f6dd6dee2f
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 31b8f46ac048809af197d850f7a2a3d8b0fff8baf0936af3493c4e9a8a3cb966
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5c43504e07f2e6595db6d474a085ef487ee6e0ac3c92ef1c875d02f6dd6dee2f
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9C325574900218DFDF14DF94C891BEDBBB9FF45308F248069E806AB392DB75AA45CB61
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,008E6766,?,?,00000008,?,?,008EFEFE,00000000), ref: 008E6998
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: ExceptionRaise
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3997070919-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 53906ffea5bfce5bf4d1e7d888ffa7f041446b60bda4d5607e546c41c4c2e875
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 4368fddb12cb60634fbbb977852096d35ada34e4f6f32cbbe91eee82fcaaeaec
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 53906ffea5bfce5bf4d1e7d888ffa7f041446b60bda4d5607e546c41c4c2e875
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BDB16E31610648DFD715CF29C486B657BE0FF163A4F258668E8D9CF2A2D335E9A1CB40
                                                                                                                                                                                                                                                                                                                                                          Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID:
• String ID:
• API String ID: 0-3916222277
APIs
• BlockInput.USER32(00000001), ref: 0092EABD
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: BlockInput
• String ID:
• API String ID: 3456056419-0
APIs
• SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,008D03EE), ref: 008D09DA
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: ExceptionFilterUnhandled
• String ID:
• API String ID: 3192549508-0
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID:
• String ID: 0
• API String ID: 0-4108050209
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 240633ed17d4946537739c9cf218d10a5727664f13cff4b0e563ae45a7b2f75f
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 0994fe569f3799799186d9b27e70e4929f5e91fd612ae35f45c41e17efd8f3b6
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 240633ed17d4946537739c9cf218d10a5727664f13cff4b0e563ae45a7b2f75f
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3E322421D2DF814DD7239636D8223356259EFB73C6F25C737E81AB59A5EB29C4835200
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: f198dd25a9afb2015224dd35ad1e86a36007d5b3cfc28c308fdb54270edc4791
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 7505df1af976230bff12d70cf40e6794ce03cdc9b0d3a631a2d131e531c327a4
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f198dd25a9afb2015224dd35ad1e86a36007d5b3cfc28c308fdb54270edc4791
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6B32F3B2A041158FDF28CB28C494B7D77B5FB45314F288A6AE89EDB2D1D234DD81EB41
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 9818a079f0048a9bd711833b13a8aa46c3c6bb579633981f574b3d0e05f1dd66
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: a71168f8a68aaba9aaecc7da0c9e57fcbb8bec8e40a30f4ea3f9fb57750c95ca
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9818a079f0048a9bd711833b13a8aa46c3c6bb579633981f574b3d0e05f1dd66
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DD22B0B0A0460A9FDF14CF68D881AEEB7F6FF44314F204629E916EB391EB359950CB51
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: de4f6b691c753c51e089f85cc066ebaa11eff81a8b3db2aaa581ad2fe2f489c2
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: ebe6c1b4a62170b43bd3b2d78d953067a68779771b34b3a4ee1a990eeedddf8e
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: de4f6b691c753c51e089f85cc066ebaa11eff81a8b3db2aaa581ad2fe2f489c2
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1602C5B1E00219EBDB04DF64D881BADB7B1FF44304F508169EA56DB3A1E731EA60DB91
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 0dd0757d57e8368d3b10c35b0c015dd5ee2a9db4e4e87cb999431097c5c7a571
• Opcode Fuzzy Hash: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
• Instruction Fuzzy Hash: FD9157726080A35ADF29463A857C07DFFE1EF923A131A079FD4F2CA2C5EE149954D620
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
• Instruction ID: af5f65af464600dbaf6aef946cfb04ff950058a3667be846e0a9a338f64ae379
• Opcode Fuzzy Hash: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
• Instruction Fuzzy Hash: 959142722090A35ADF69427A857C03DFFE1EE923B531A079FD4F2CA2C5FE2495549620
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 335cfa6e4756c7cc48720afe269c8dcb7cf4a45af3e7afedd58a36442c0f11e7
• Instruction ID: 51e0c1657fbd13c27ccee68f0d88b698cf3d14c9415a3431513168b830fd5f91
• Opcode Fuzzy Hash: 335cfa6e4756c7cc48720afe269c8dcb7cf4a45af3e7afedd58a36442c0f11e7
• Instruction Fuzzy Hash: 34614971208719A6DE349A2C8CA6BBE3394FF41764F140B1BE982DB381FA11DE42C756
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 49e1a73744db975cfa712c236d5f5d3ae0e8f9e753173553d2146215fcd1d57c
• Instruction ID: b0bffe500a86ea8789ad62c122708648db38d3bcd97ea7b6ed902bfd101b4a69
• Opcode Fuzzy Hash: 49e1a73744db975cfa712c236d5f5d3ae0e8f9e753173553d2146215fcd1d57c
• Instruction Fuzzy Hash: 98616B7160870DA6DE385A2C9855FBF6396FF42B04F100B5BE943DB389FA11ED428256
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
• Instruction ID: fbcafff5f1d77d3b5410a18d709c320216b5945bcd8634ed4a7f418b8b4285d9
• Opcode Fuzzy Hash: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
• Instruction Fuzzy Hash: 218168726090A319DF5D827A857C43EFFE1FE923A131A07AFD4F2CA2D5EE148554E620
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 9dfe1e219e44c844a6bb6cb376168db4a21962c060bcbd39b84ea69bd1776678
• Instruction ID: 256b5a7e13a5021864f662c4854fc64437c67813104496977c2b2b08b29415fe
• Opcode Fuzzy Hash: 9dfe1e219e44c844a6bb6cb376168db4a21962c060bcbd39b84ea69bd1776678
• Instruction Fuzzy Hash: 8C21DA327616158BD728CF79C82367E73E9A754310F25862EE4A7C77D0DE35A904DB80
APIs
• DeleteObject.GDI32(00000000), ref: 00932B30
• DeleteObject.GDI32(00000000), ref: 00932B43
• DestroyWindow.USER32 ref: 00932B52
• GetDesktopWindow.USER32 ref: 00932B6D
• GetWindowRect.USER32(00000000), ref: 00932B74
• SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00932CA3
• AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00932CB1
• CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00932CF8
• GetClientRect.USER32(00000000,?), ref: 00932D04
• CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00932D40
• CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00932D62
• GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00932D75
• GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00932D80
• GlobalLock.KERNEL32(00000000), ref: 00932D89
• ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00932D98
• GlobalUnlock.KERNEL32(00000000), ref: 00932DA1
• CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00932DA8
• GlobalFree.KERNEL32(00000000), ref: 00932DB3
• CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00932DC5
• OleLoadPicture.OLEAUT32(?,00000000,00000000,0094FC38,00000000), ref: 00932DDB
• GlobalFree.KERNEL32(00000000), ref: 00932DEB
• CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 00932E11
• SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00932E30
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00932E52
• ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0093303F
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
• String ID: $AutoIt v3$DISPLAY$static
• API String ID: 2211948467-2373415609
• Opcode ID: d5d760094d6df5ff0c9c322c4400d4ce6dcfd8030cf1a00c0c9a5afa8cd472b1
• Instruction ID: d993e28918c94ace48a76e909798401e6fdde913de7c713ab14db4c5b28c7aec
• Opcode Fuzzy Hash: d5d760094d6df5ff0c9c322c4400d4ce6dcfd8030cf1a00c0c9a5afa8cd472b1
• Instruction Fuzzy Hash: D6027BB5A10205AFDB14DFA4CC89EAE7BB9FB49310F008159F915AB2A1CB74AD01DF60
APIs
• SetTextColor.GDI32(?,00000000), ref: 0094712F
• GetSysColorBrush.USER32(0000000F), ref: 00947160
• GetSysColor.USER32(0000000F), ref: 0094716C
• SetBkColor.GDI32(?,000000FF), ref: 00947186
• SelectObject.GDI32(?,?), ref: 00947195
• InflateRect.USER32(?,000000FF,000000FF), ref: 009471C0
• GetSysColor.USER32(00000010), ref: 009471C8
• CreateSolidBrush.GDI32(00000000), ref: 009471CF
• FrameRect.USER32(?,?,00000000), ref: 009471DE
• DeleteObject.GDI32(00000000), ref: 009471E5
• InflateRect.USER32(?,000000FE,000000FE), ref: 00947230
• FillRect.USER32(?,?,?), ref: 00947262
• GetWindowLongW.USER32(?,000000F0), ref: 00947284
  • Part of subcall function 009473E8: GetSysColor.USER32(00000012), ref: 00947421
  • Part of subcall function 009473E8: SetTextColor.GDI32(?,?), ref: 00947425
  • Part of subcall function 009473E8: GetSysColorBrush.USER32(0000000F), ref: 0094743B
  • Part of subcall function 009473E8: GetSysColor.USER32(0000000F), ref: 00947446
  • Part of subcall function 009473E8: GetSysColor.USER32(00000011), ref: 00947463
  • Part of subcall function 009473E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00947471
  • Part of subcall function 009473E8: SelectObject.GDI32(?,00000000), ref: 00947482
  • Part of subcall function 009473E8: SetBkColor.GDI32(?,00000000), ref: 0094748B
  • Part of subcall function 009473E8: SelectObject.GDI32(?,?), ref: 00947498
  • Part of subcall function 009473E8: InflateRect.USER32(?,000000FF,000000FF), ref: 009474B7
  • Part of subcall function 009473E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 009474CE
  • Part of subcall function 009473E8: GetWindowLongW.USER32(00000000,000000F0), ref: 009474DB
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 4124339563-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 0c4ae109928a50fe8b4d7b7e12aacc7aeeed5d0f98679aa4f6c9096c3b8cd04d
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 2118af95ec2ddd47b76586b3d58fab4cb44bc9c494b0304cf11ae89b6faa2f34
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0c4ae109928a50fe8b4d7b7e12aacc7aeeed5d0f98679aa4f6c9096c3b8cd04d
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D3A1D0B601D305BFDB509FA0DC48E6BBBA9FF8A320F100A19F962961E1D774E800DB51
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • DestroyWindow.USER32(?,?), ref: 008C8E14
                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001308,?,00000000), ref: 00906AC5
                                                                                                                                                                                                                                                                                                                                                          • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00906AFE
                                                                                                                                                                                                                                                                                                                                                          • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00906F43
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008C8F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,008C8BE8,?,00000000,?,?,?,?,008C8BBA,00000000,?), ref: 008C8FC5
                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001053), ref: 00906F7F
                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00906F96
                                                                                                                                                                                                                                                                                                                                                          • ImageList_Destroy.COMCTL32(00000000,?), ref: 00906FAC
                                                                                                                                                                                                                                                                                                                                                          • ImageList_Destroy.COMCTL32(00000000,?), ref: 00906FB7
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
                                                                                                                                                                                                                                                                                                                                                          • String ID: 0
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2760611726-4108050209
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: d0a1edbc10063eb8533dd060f9ca597d67f76069a38adc120f6d998e5462d911
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 30ef5c6ad431d851f506cc0b2fa875beeb5e70a86a765a188edd16ccde8471e6
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d0a1edbc10063eb8533dd060f9ca597d67f76069a38adc120f6d998e5462d911
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D2127A74209211EFDB25CF14D854FAABBB9FB45300F14446DF599CB2A2CB32E862DB91
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • DestroyWindow.USER32(00000000), ref: 0093273E
                                                                                                                                                                                                                                                                                                                                                          • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0093286A
                                                                                                                                                                                                                                                                                                                                                          • SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 009328A9
                                                                                                                                                                                                                                                                                                                                                          • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 009328B9
                                                                                                                                                                                                                                                                                                                                                          • CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00932900
                                                                                                                                                                                                                                                                                                                                                          • GetClientRect.USER32(00000000,?), ref: 0093290C
                                                                                                                                                                                                                                                                                                                                                          • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00932955
                                                                                                                                                                                                                                                                                                                                                          • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00932964
                                                                                                                                                                                                                                                                                                                                                          • GetStockObject.GDI32(00000011), ref: 00932974
                                                                                                                                                                                                                                                                                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 00932978
                                                                                                                                                                                                                                                                                                                                                          • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00932988
                                                                                                                                                                                                                                                                                                                                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00932991
                                                                                                                                                                                                                                                                                                                                                          • DeleteDC.GDI32(00000000), ref: 0093299A
                                                                                                                                                                                                                                                                                                                                                          • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 009329C6
                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000030,00000000,00000001), ref: 009329DD
                                                                                                                                                                                                                                                                                                                                                          • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00932A1D
                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00932A31
                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000404,00000001,00000000), ref: 00932A42
                                                                                                                                                                                                                                                                                                                                                          • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00932A77
                                                                                                                                                                                                                                                                                                                                                          • GetStockObject.GDI32(00000011), ref: 00932A82
                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00932A8D
                                                                                                                                                                                                                                                                                                                                                          • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00932A97
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
• String ID: AutoIt v3$DISPLAY$msctls_progress32$static
• API String ID: 2910397461-517079104
• Opcode ID: 025ebffa659cab0d1af0ea3049bc19b1280dfe7af75d1f2b1bd3544c1599abb5
• Instruction ID: 89359d82c35fde552cd7223ad5cacf7e60a312f499fb2b8d50c046029854207c
• Opcode Fuzzy Hash: 025ebffa659cab0d1af0ea3049bc19b1280dfe7af75d1f2b1bd3544c1599abb5
• Instruction Fuzzy Hash: 4FB16CB5A10215AFEB14DFA8CC4AFAE7BA9FB49710F008515F915E72A0D770AD40CFA4
APIs
• SetErrorMode.KERNEL32(00000001), ref: 00924AED
• GetDriveTypeW.KERNEL32(?,0094CB68,?,\\.\,0094CC08), ref: 00924BCA
• SetErrorMode.KERNEL32(00000000,0094CB68,?,\\.\,0094CC08), ref: 00924D36
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: ErrorMode$DriveType
• String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
• API String ID: 2907320926-4222207086
• Opcode ID: fb4fcb05b3be593489f1699044094ff53b323f8db16cc3ff6f0f9522d943cdee
• Instruction ID: 179308d62f8aaac18666c007a94dde3f6bfaec6fdd92a908c05ba04a9bbf752f
• Opcode Fuzzy Hash: fb4fcb05b3be593489f1699044094ff53b323f8db16cc3ff6f0f9522d943cdee
• Instruction Fuzzy Hash: 7961F4317056159FCB14DF2CEA81DED77A0EB84304B248416F88AAB39ADB35ED41DB42
APIs
• GetSysColor.USER32(00000012), ref: 00947421
• SetTextColor.GDI32(?,?), ref: 00947425
• GetSysColorBrush.USER32(0000000F), ref: 0094743B
• GetSysColor.USER32(0000000F), ref: 00947446
• CreateSolidBrush.GDI32(?), ref: 0094744B
• GetSysColor.USER32(00000011), ref: 00947463
• CreatePen.GDI32(00000000,00000001,00743C00), ref: 00947471
• SelectObject.GDI32(?,00000000), ref: 00947482
• SetBkColor.GDI32(?,00000000), ref: 0094748B
• SelectObject.GDI32(?,?), ref: 00947498
• InflateRect.USER32(?,000000FF,000000FF), ref: 009474B7
• RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 009474CE
• GetWindowLongW.USER32(00000000,000000F0), ref: 009474DB
• SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 0094752A
• GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00947554
• InflateRect.USER32(?,000000FD,000000FD), ref: 00947572
• DrawFocusRect.USER32(?,?), ref: 0094757D
• GetSysColor.USER32(00000011), ref: 0094758E
• SetTextColor.GDI32(?,00000000), ref: 00947596
• DrawTextW.USER32(?,009470F5,000000FF,?,00000000), ref: 009475A8
• SelectObject.GDI32(?,?), ref: 009475BF
• DeleteObject.GDI32(?), ref: 009475CA
• SelectObject.GDI32(?,?), ref: 009475D0
• DeleteObject.GDI32(?), ref: 009475D5
• SetTextColor.GDI32(?,?), ref: 009475DB
• SetBkColor.GDI32(?,?), ref: 009475E5
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
• String ID:
• API String ID: 1996641542-0
• Opcode ID: f712f6f616b9a0e319e1143c7f79609a338674132d489d6c8a37bedf40c0a427
• Instruction ID: 1ab33adffe3aabf3758b7c6b4070c97dc97b6ed6f38fc212d81f497b8598920f
• Opcode Fuzzy Hash: f712f6f616b9a0e319e1143c7f79609a338674132d489d6c8a37bedf40c0a427
• Instruction Fuzzy Hash: E4618AB6909218AFDF009FA4DC48EAEBFB9EB09320F114515FA15BB2A1D7749940DF90
APIs
• GetCursorPos.USER32(?), ref: 00941128
• GetDesktopWindow.USER32 ref: 0094113D
• GetWindowRect.USER32(00000000), ref: 00941144
• GetWindowLongW.USER32(?,000000F0), ref: 00941199
• DestroyWindow.USER32(?), ref: 009411B9
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 009411ED
• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0094120B
• SendMessageW.USER32(00000000,00000418,00000000,?), ref: 0094121D
• SendMessageW.USER32(00000000,00000421,?,?), ref: 00941232
• SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00941245
                                                                                                                                                                                                                                                                                                                                                          • IsWindowVisible.USER32(00000000), ref: 009412A1
                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 009412BC
                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 009412D0
                                                                                                                                                                                                                                                                                                                                                          • GetWindowRect.USER32(00000000,?), ref: 009412E8
                                                                                                                                                                                                                                                                                                                                                          • MonitorFromPoint.USER32(?,?,00000002), ref: 0094130E
                                                                                                                                                                                                                                                                                                                                                          • GetMonitorInfoW.USER32(00000000,?), ref: 00941328
                                                                                                                                                                                                                                                                                                                                                          • CopyRect.USER32(?,?), ref: 0094133F
                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000412,00000000), ref: 009413AA
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                                                                                                                                                                                                                                                                                                          • String ID: ($0$tooltips_class32
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 698492251-4156429822
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 335425e7da3b83c61c23b8b0d4b4a6b6c59589e07bed585bd3c69fa44f27efe4
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: d77ee26ba04e13274cfffd0477daf4e9af92af608b660ae76ab689dab97fa3ce
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 335425e7da3b83c61c23b8b0d4b4a6b6c59589e07bed585bd3c69fa44f27efe4
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1EB18D71608341AFD754DF64C884FAABBE8FF89354F008918F999DB261D771E884CB92
APIs
• CharUpperBuffW.USER32(?,?), ref: 009402E5
• _wcslen.LIBCMT ref: 0094031F
• _wcslen.LIBCMT ref: 00940389
• _wcslen.LIBCMT ref: 009403F1
• _wcslen.LIBCMT ref: 00940475
• SendMessageW.USER32(?,00001032,00000000,00000000), ref: 009404C5
• SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00940504
  • Part of subcall function 008CF9F2: _wcslen.LIBCMT ref: 008CF9FD
  • Part of subcall function 0091223F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00912258
  • Part of subcall function 0091223F: SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 0091228A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: _wcslen$MessageSend$BuffCharUpper
• String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
• API String ID: 1103490817-719923060
• Opcode ID: f521670a09cc55f306da5f77bec36ba3193fa8832741c201b38c4d83672bb948
• Instruction ID: 2ed065a2224e3aa8b3962ed7d4e4b3c38e6e8a5852d1d68914f1458b11fb3be6
• Instruction Fuzzy Hash: 83E18C312182018BC724DF28C451D6AB7EAFFC8714F148A6DF9969B3A1DB30ED45CB42
APIs
• SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 008C8968
• GetSystemMetrics.USER32(00000007), ref: 008C8970
• SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 008C899B
• GetSystemMetrics.USER32(00000008), ref: 008C89A3
• GetSystemMetrics.USER32(00000004), ref: 008C89C8
• SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 008C89E5
• AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 008C89F5
• CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 008C8A28
• SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 008C8A3C
• GetClientRect.USER32(00000000,000000FF), ref: 008C8A5A
• GetStockObject.GDI32(00000011), ref: 008C8A76
• SendMessageW.USER32(00000000,00000030,00000000), ref: 008C8A81
  • Part of subcall function 008C912D: GetCursorPos.USER32(?), ref: 008C9141
  • Part of subcall function 008C912D: ScreenToClient.USER32(00000000,?), ref: 008C915E
  • Part of subcall function 008C912D: GetAsyncKeyState.USER32(00000001), ref: 008C9183
  • Part of subcall function 008C912D: GetAsyncKeyState.USER32(00000002), ref: 008C919D
• SetTimer.USER32(00000000,00000000,00000028,008C90FC), ref: 008C8AA8
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                                                                                                                                                                                                                                                                                                          • String ID: AutoIt v3 GUI
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1458621304-248962490
APIs
  • Part of subcall function 009110F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00911114
  • Part of subcall function 009110F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00910B9B,?,?,?), ref: 00911120
  • Part of subcall function 009110F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00910B9B,?,?,?), ref: 0091112F
  • Part of subcall function 009110F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00910B9B,?,?,?), ref: 00911136
  • Part of subcall function 009110F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0091114D
• GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00910DF5
• GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00910E29
• GetLengthSid.ADVAPI32(?), ref: 00910E40
• GetAce.ADVAPI32(?,00000000,?), ref: 00910E7A
• AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00910E96
• GetLengthSid.ADVAPI32(?), ref: 00910EAD
• GetProcessHeap.KERNEL32(00000008,00000008), ref: 00910EB5
• HeapAlloc.KERNEL32(00000000), ref: 00910EBC
• GetLengthSid.ADVAPI32(?,00000008,?), ref: 00910EDD
• CopySid.ADVAPI32(00000000), ref: 00910EE4
• AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00910F13
• SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00910F35
• SetUserObjectSecurity.USER32(?,00000004,?), ref: 00910F47
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00910F6E
• HeapFree.KERNEL32(00000000), ref: 00910F75
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00910F7E
• HeapFree.KERNEL32(00000000), ref: 00910F85
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00910F8E
• HeapFree.KERNEL32(00000000), ref: 00910F95
• GetProcessHeap.KERNEL32(00000000,?), ref: 00910FA1
• HeapFree.KERNEL32(00000000), ref: 00910FA8
  • Part of subcall function 00911193: GetProcessHeap.KERNEL32(00000008,00910BB1,?,00000000,?,00910BB1,?), ref: 009111A1
  • Part of subcall function 00911193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00910BB1,?), ref: 009111A8
  • Part of subcall function 00911193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00910BB1,?), ref: 009111B7
Similarity
• API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
• String ID:
• API String ID: 4175595110-0
APIs
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0093C4BD
• RegCreateKeyExW.ADVAPI32(?,?,00000000,0094CC08,00000000,?,00000000,?,?), ref: 0093C544
• RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 0093C5A4
• _wcslen.LIBCMT ref: 0093C5F4
• _wcslen.LIBCMT ref: 0093C66F
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 0093C6B2
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 0093C7C1
• RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 0093C84D
• RegCloseKey.ADVAPI32(?), ref: 0093C881
• RegCloseKey.ADVAPI32(00000000), ref: 0093C88E
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 0093C960
Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Value$Close$_wcslen$ConnectCreateRegistry
                                                                                                                                                                                                                                                                                                                                                          • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 9721498-966354055
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: e22cbd22bd649770168f57b4e667c3b3c71a2b9733c108377790ee7587b237d4
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: d2ee73f054809de4216bdf3c2ead97ac2eabfe36aa0a3cb9fd27ce7b427b84c6
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e22cbd22bd649770168f57b4e667c3b3c71a2b9733c108377790ee7587b237d4
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2A1248756046019FDB14DF18C881A6AB7E5FF88714F14885DF88AAB3A2DB31ED41CB92
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • CharUpperBuffW.USER32(?,?), ref: 009409C6
                                                                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00940A01
                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00940A54
                                                                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00940A8A
                                                                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00940B06
                                                                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00940B81
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008CF9F2: _wcslen.LIBCMT ref: 008CF9FD
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00912BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00912BFA
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                                                                                                                                                                                                                                                                                                          • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1103490817-4258414348
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: ce052156a5a12a58408065aced76e541b7b9de2034286d54a3e7e19cf77d3a3e
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: ecd266935fa5a030d998d671e88f461278d4548c2b04a730fdea4d5377357cba
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ce052156a5a12a58408065aced76e541b7b9de2034286d54a3e7e19cf77d3a3e
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AFE159356083019FCB24DF28C45196AB7E5FFD8314B14895DF99A9B3A2D730ED49CB82
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                                                                                                                          • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1256254125-909552448
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: d33262461b86a5936fcfabd444b4a67c112f2cc326b7918624b2ee1e08d9531d
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 740f8382df6826b6ab68b5de204a21803e490d871c62bf09cffd911a382b6573
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d33262461b86a5936fcfabd444b4a67c112f2cc326b7918624b2ee1e08d9531d
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 787114B360092A8BCB20DF7CCD515BE73A9AF60750F214528F896F7284EA35CD45CBA1
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0094835A
                                                                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0094836E
                                                                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00948391
                                                                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 009483B4
                                                                                                                                                                                                                                                                                                                                                          • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 009483F2
                                                                                                                                                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,00945BF2), ref: 0094844E
                                                                                                                                                                                                                                                                                                                                                          • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00948487
• LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 009484CA
• LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00948501
• FreeLibrary.KERNEL32(?), ref: 0094850D
• ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0094851D
• DestroyIcon.USER32(?,?,?,?,?,00945BF2), ref: 0094852C
• SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00948549
• SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00948555
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
• String ID: .dll$.exe$.icl
• API String ID: 799131459-1154884017
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID:
• String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
• API String ID: 0-1645009161
APIs
• LoadIconW.USER32(00000063), ref: 00915A2E
• SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00915A40
• SetWindowTextW.USER32(?,?), ref: 00915A57
• GetDlgItem.USER32(?,000003EA), ref: 00915A6C
• SetWindowTextW.USER32(00000000,?), ref: 00915A72
• GetDlgItem.USER32(?,000003E9), ref: 00915A82
• SetWindowTextW.USER32(00000000,?), ref: 00915A88
• SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00915AA9
• SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00915AC3
• GetWindowRect.USER32(?,?), ref: 00915ACC
• _wcslen.LIBCMT ref: 00915B33
• SetWindowTextW.USER32(?,?), ref: 00915B6F
• GetDesktopWindow.USER32 ref: 00915B75
• GetWindowRect.USER32(00000000), ref: 00915B7C
• MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 00915BD3
• GetClientRect.USER32(?,?), ref: 00915BE0
• PostMessageW.USER32(?,00000005,00000000,?), ref: 00915C05
• SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00915C2F
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
• String ID:
• API String ID: 895679908-0
APIs
• __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 008D00C6
  • Part of subcall function 008D00ED: InitializeCriticalSectionAndSpinCount.KERNEL32(0098070C,00000FA0,A0905696,?,?,?,?,008F23B3,000000FF), ref: 008D011C
  • Part of subcall function 008D00ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,008F23B3,000000FF), ref: 008D0127
  • Part of subcall function 008D00ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,008F23B3,000000FF), ref: 008D0138
  • Part of subcall function 008D00ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 008D014E
  • Part of subcall function 008D00ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 008D015C
  • Part of subcall function 008D00ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 008D016A
  • Part of subcall function 008D00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 008D0195
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008D00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 008D01A0
                                                                                                                                                                                                                                                                                                                                                          • ___scrt_fastfail.LIBCMT ref: 008D00E7
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008D00A3: __onexit.LIBCMT ref: 008D00A9
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          • InitializeConditionVariable, xrefs: 008D0148
                                                                                                                                                                                                                                                                                                                                                          • SleepConditionVariableCS, xrefs: 008D0154
                                                                                                                                                                                                                                                                                                                                                          • api-ms-win-core-synch-l1-2-0.dll, xrefs: 008D0122
                                                                                                                                                                                                                                                                                                                                                          • kernel32.dll, xrefs: 008D0133
                                                                                                                                                                                                                                                                                                                                                          • WakeAllConditionVariable, xrefs: 008D0162
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                                                                                                                                                                                                                                                                                                                                          • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 66158676-1714406822
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 233c06fc4125ccc6fb0133419a5a5b11d26f128d20f8e858a306da1653d5775f
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 51c2367cbcc333e0579bde1bcad8121e18888830741e306b9f6cd14f152b36b1
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 233c06fc4125ccc6fb0133419a5a5b11d26f128d20f8e858a306da1653d5775f
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8021F972A5D7116FEB506B64AC05F6A33E4FB85B55F00023AF905D73D1DB749C009E91
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: _wcslen
                                                                                                                                                                                                                                                                                                                                                          • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 176396367-1603158881
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 1b755815b108b2fd40f792ed5400e881b7541e7724d517c7de778b261b732da8
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 3ecae097773064ad6045869405c72cab7cb7652ccafaac3589361563373d21e0
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1b755815b108b2fd40f792ed5400e881b7541e7724d517c7de778b261b732da8
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 60E1E532B0051AABDB189F78C451BEDBBB9FF44710F54C629E46AE7250DB30AEC58790
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • CharLowerBuffW.USER32(00000000,00000000,0094CC08), ref: 00924527
                                                                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0092453B
                                                                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00924599
                                                                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 009245F4
                                                                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0092463F
                                                                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 009246A7
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008CF9F2: _wcslen.LIBCMT ref: 008CF9FD
                                                                                                                                                                                                                                                                                                                                                          • GetDriveTypeW.KERNEL32(?,00976BF0,00000061), ref: 00924743
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: _wcslen$BuffCharDriveLowerType
                                                                                                                                                                                                                                                                                                                                                          • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
• API String ID: 2055661098-1000479233
• Opcode ID: 1d7a5d88b92daed9a40d8bacf1068d714d97a5d61fdd80d415b8afb0ae38cb90
• Instruction ID: 121d5d9113a0ffbd8267b2ab227104c181dbca2ac22209b93a9dd30f598af83d
• Opcode Fuzzy Hash: 1d7a5d88b92daed9a40d8bacf1068d714d97a5d61fdd80d415b8afb0ae38cb90
• Instruction Fuzzy Hash: 9FB1E2316083229FC710DF28E890A6AB7E9FFA5720F50491DF5A6C7399E730D844CB92
APIs
• GetMenuItemCount.USER32(00981990), ref: 008F2F8D
• GetMenuItemCount.USER32(00981990), ref: 008F303D
• GetCursorPos.USER32(?), ref: 008F3081
• SetForegroundWindow.USER32(00000000), ref: 008F308A
• TrackPopupMenuEx.USER32(00981990,00000000,?,00000000,00000000,00000000), ref: 008F309D
• PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 008F30A9
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
• String ID: 0
• API String ID: 36266755-4108050209
• Opcode ID: 43a57c6de2b6bed5800d01ccc5d7b418a6ed147e1dedb7e1d001a16043c5143e
• Instruction ID: 7f10000aa3026380995c522a1f9fe6f2b3c72d72fc21c85e71b648a290f8f255
• Opcode Fuzzy Hash: 43a57c6de2b6bed5800d01ccc5d7b418a6ed147e1dedb7e1d001a16043c5143e
• Instruction Fuzzy Hash: EF71FB70644209BEEB258F78CC49FEABF65FF45364F204216F614E62D1CBB1A950DB50
APIs
• DestroyWindow.USER32(00000000,?), ref: 00946DEB
  • Part of subcall function 008B6B57: _wcslen.LIBCMT ref: 008B6B6A
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00946E5F
• SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00946E81
• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00946E94
• DestroyWindow.USER32(?), ref: 00946EB5
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,008B0000,00000000), ref: 00946EE4
• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00946EFD
• GetDesktopWindow.USER32 ref: 00946F16
• GetWindowRect.USER32(00000000), ref: 00946F1D
• SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00946F35
• SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00946F4D
  • Part of subcall function 008C9944: GetWindowLongW.USER32(?,000000EB), ref: 008C9952
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
• String ID: 0$tooltips_class32
• API String ID: 2429346358-3619404913
• Opcode ID: c20b0e7dd0946c1968d85798562c32e9858b4b22440870c69b4d079caa88d8ba
• Instruction ID: 31657bb88947146a70f0050b9836c282aaa23c6ff3d0b73a1b30f9b817a9b4e4
• Opcode Fuzzy Hash: c20b0e7dd0946c1968d85798562c32e9858b4b22440870c69b4d079caa88d8ba
• Instruction Fuzzy Hash: 057168B4108341AFDB25CF18D844EAABBF9FB8A304F04495DF99987261D771A90ADB12
APIs
  • Part of subcall function 008C9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 008C9BB2
• DragQueryPoint.SHELL32(?,?), ref: 00949147
  • Part of subcall function 00947674: ClientToScreen.USER32(?,?), ref: 0094769A
  • Part of subcall function 00947674: GetWindowRect.USER32(?,?), ref: 00947710
  • Part of subcall function 00947674: PtInRect.USER32(?,?,00948B89), ref: 00947720
• SendMessageW.USER32(?,000000B0,?,?), ref: 009491B0
• DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 009491BB
• DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 009491DE
• SendMessageW.USER32(?,000000C2,00000001,?), ref: 00949225
• SendMessageW.USER32(?,000000B0,?,?), ref: 0094923E
• SendMessageW.USER32(?,000000B1,?,?), ref: 00949255
• SendMessageW.USER32(?,000000B1,?,?), ref: 00949277
• DragFinish.SHELL32(?), ref: 0094927E
• DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00949371
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
                                                                                                                                                                                                                                                                                                                                                          • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 221274066-3440237614
APIs
• InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0092C4B0
• GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0092C4C3
• SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0092C4D7
• HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0092C4F0
• InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 0092C533
• InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 0092C549
• HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0092C554
• HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0092C584
• GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0092C5DC
• SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0092C5F0
• InternetCloseHandle.WININET(00000000), ref: 0092C5FB
Similarity
• API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
• String ID:
• API String ID: 3800310941-3916222277
APIs
• CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,00000000,?,000000EC), ref: 00948592
• GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 009485A2
• GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 009485AD
• CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 009485BA
• GlobalLock.KERNEL32(00000000), ref: 009485C8
• ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 009485D7
• GlobalUnlock.KERNEL32(00000000), ref: 009485E0
• CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 009485E7
• CreateStreamOnHGlobal.OLE32(00000000,00000001,000000F0,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 009485F8
• OleLoadPicture.OLEAUT32(000000F0,00000000,00000000,0094FC38,?), ref: 00948611
• GlobalFree.KERNEL32(00000000), ref: 00948621
• GetObjectW.GDI32(?,00000018,?), ref: 00948641
• CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 00948671
• DeleteObject.GDI32(?), ref: 00948699
• SendMessageW.USER32(?,00000172,00000000,00000000), ref: 009486AF
Similarity
• API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
• String ID:
• API String ID: 3840717409-0
APIs
• VariantInit.OLEAUT32(00000000), ref: 00921502
• VariantCopy.OLEAUT32(?,?), ref: 0092150B
• VariantClear.OLEAUT32(?), ref: 00921517
• VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 009215FB
• VarR8FromDec.OLEAUT32(?,?), ref: 00921657
• VariantInit.OLEAUT32(?), ref: 00921708
• SysFreeString.OLEAUT32(?), ref: 0092178C
                                                                                                                                                                                                                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 009217D8
                                                                                                                                                                                                                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 009217E7
                                                                                                                                                                                                                                                                                                                                                          • VariantInit.OLEAUT32(00000000), ref: 00921823
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
                                                                                                                                                                                                                                                                                                                                                          • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1234038744-3931177956
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 80724f2347ba31e681ab632e329ded4603979714753495721ec50dc4a4b27b83
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 5c3e65398fb48c6ddba5b28970064d4bcad90d8cb9668eb71ac65b1b4209ac1e
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 80724f2347ba31e681ab632e329ded4603979714753495721ec50dc4a4b27b83
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 38D11171A00225DBDB009F69E884FBDB7B9FF54700F10849AF506AB299DB34DC61DB62
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008B9CB3: _wcslen.LIBCMT ref: 008B9CBD
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0093C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0093B6AE,?,?), ref: 0093C9B5
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0093C998: _wcslen.LIBCMT ref: 0093C9F1
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0093C998: _wcslen.LIBCMT ref: 0093CA68
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0093C998: _wcslen.LIBCMT ref: 0093CA9E
                                                                                                                                                                                                                                                                                                                                                          • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0093B6F4
                                                                                                                                                                                                                                                                                                                                                          • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0093B772
                                                                                                                                                                                                                                                                                                                                                          • RegDeleteValueW.ADVAPI32(?,?), ref: 0093B80A
                                                                                                                                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 0093B87E
                                                                                                                                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 0093B89C
                                                                                                                                                                                                                                                                                                                                                          • LoadLibraryA.KERNEL32(advapi32.dll), ref: 0093B8F2
                                                                                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0093B904
                                                                                                                                                                                                                                                                                                                                                          • RegDeleteKeyW.ADVAPI32(?,?), ref: 0093B922
                                                                                                                                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000), ref: 0093B983
                                                                                                                                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(00000000), ref: 0093B994
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
                                                                                                                                                                                                                                                                                                                                                          • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 146587525-4033151799
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 0651bff8c8658dde34bc96b84fed39d48da9f0df360901e1cfbfb34c2fdec89c
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 1b0360247b1570ee130d8c6c94ac6277e775068936bd2616c2e36f5da67c2f83
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0651bff8c8658dde34bc96b84fed39d48da9f0df360901e1cfbfb34c2fdec89c
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 97C16934208201AFD714DF18C495F6ABBE9FF84318F14849CE59A8B3A2CB75E945CF92
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • GetDC.USER32(00000000), ref: 009325D8
                                                                                                                                                                                                                                                                                                                                                          • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 009325E8
                                                                                                                                                                                                                                                                                                                                                          • CreateCompatibleDC.GDI32(?), ref: 009325F4
                                                                                                                                                                                                                                                                                                                                                          • SelectObject.GDI32(00000000,?), ref: 00932601
                                                                                                                                                                                                                                                                                                                                                          • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 0093266D
                                                                                                                                                                                                                                                                                                                                                          • GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 009326AC
                                                                                                                                                                                                                                                                                                                                                          • GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 009326D0
                                                                                                                                                                                                                                                                                                                                                          • SelectObject.GDI32(?,?), ref: 009326D8
                                                                                                                                                                                                                                                                                                                                                          • DeleteObject.GDI32(?), ref: 009326E1
                                                                                                                                                                                                                                                                                                                                                          • DeleteDC.GDI32(?), ref: 009326E8
                                                                                                                                                                                                                                                                                                                                                          • ReleaseDC.USER32(00000000,?), ref: 009326F3
                                                                                                                                                                                                                                                                                                                                                          Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
• String ID: (
• API String ID: 2598888154-3887548279
• Opcode ID: fa940cc69450e8c4b602ae37f24261321c04a8a15a4fe48912ffa858da9c0998
• Instruction ID: c27e67ba51e6d0a3235c8678a4feaedc9bf157436f3f41b825d651d67404ee9d
• Opcode Fuzzy Hash: fa940cc69450e8c4b602ae37f24261321c04a8a15a4fe48912ffa858da9c0998
• Instruction Fuzzy Hash: A86102B5D04219EFCF14CFA8D885EAEBBB6FF48310F20852AE956A7250D770A941DF50
APIs
• ___free_lconv_mon.LIBCMT ref: 008EDAA1
  • Part of subcall function 008ED63C: _free.LIBCMT ref: 008ED659
  • Part of subcall function 008ED63C: _free.LIBCMT ref: 008ED66B
  • Part of subcall function 008ED63C: _free.LIBCMT ref: 008ED67D
  • Part of subcall function 008ED63C: _free.LIBCMT ref: 008ED68F
  • Part of subcall function 008ED63C: _free.LIBCMT ref: 008ED6A1
  • Part of subcall function 008ED63C: _free.LIBCMT ref: 008ED6B3
  • Part of subcall function 008ED63C: _free.LIBCMT ref: 008ED6C5
  • Part of subcall function 008ED63C: _free.LIBCMT ref: 008ED6D7
  • Part of subcall function 008ED63C: _free.LIBCMT ref: 008ED6E9
  • Part of subcall function 008ED63C: _free.LIBCMT ref: 008ED6FB
  • Part of subcall function 008ED63C: _free.LIBCMT ref: 008ED70D
  • Part of subcall function 008ED63C: _free.LIBCMT ref: 008ED71F
  • Part of subcall function 008ED63C: _free.LIBCMT ref: 008ED731
• _free.LIBCMT ref: 008EDA96
  • Part of subcall function 008E29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,008ED7D1,00000000,00000000,00000000,00000000,?,008ED7F8,00000000,00000007,00000000,?,008EDBF5,00000000), ref: 008E29DE
  • Part of subcall function 008E29C8: GetLastError.KERNEL32(00000000,?,008ED7D1,00000000,00000000,00000000,00000000,?,008ED7F8,00000000,00000007,00000000,?,008EDBF5,00000000,00000000), ref: 008E29F0
• _free.LIBCMT ref: 008EDAB8
• _free.LIBCMT ref: 008EDACD
• _free.LIBCMT ref: 008EDAD8
• _free.LIBCMT ref: 008EDAFA
• _free.LIBCMT ref: 008EDB0D
• _free.LIBCMT ref: 008EDB1B
• _free.LIBCMT ref: 008EDB26
• _free.LIBCMT ref: 008EDB5E
• _free.LIBCMT ref: 008EDB65
• _free.LIBCMT ref: 008EDB82
• _free.LIBCMT ref: 008EDB9A
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast___free_lconv_mon
• String ID:
• API String ID: 161543041-0
• Opcode ID: 933a373dcad771a410c4fa357b83a84773e048418aa04de26e4e0cbbdc33b87c
• Instruction ID: f6db0d1c2d032e0e3a1bdb3643fb11eb34eaf4d9eaaee0a46359f72c795a5c29
• Opcode Fuzzy Hash: 933a373dcad771a410c4fa357b83a84773e048418aa04de26e4e0cbbdc33b87c
• Instruction Fuzzy Hash: 06318232604388AFDB21AA3AD846F5A7BE8FF42320F115429F458D7192EF35ED44C721
APIs
• GetClassNameW.USER32(?,?,00000100), ref: 0091369C
• _wcslen.LIBCMT ref: 009136A7
• SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00913797
• GetClassNameW.USER32(?,?,00000400), ref: 0091380C
• GetDlgCtrlID.USER32(?), ref: 0091385D
• GetWindowRect.USER32(?,?), ref: 00913882
• GetParent.USER32(?), ref: 009138A0
• ScreenToClient.USER32(00000000), ref: 009138A7
• GetClassNameW.USER32(?,?,00000100), ref: 00913921
• GetWindowTextW.USER32(?,?,00000400), ref: 0091395D
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
• String ID: %s%u
• API String ID: 4010501982-679674701
• Opcode ID: 867c55f4ea1be0c6b78ff00920a4c2595f469d295463bab3bf3d85d1cc2811dd
• Instruction ID: 7dac4f239da037e9c6f4ea40bb1c9a9cb00e18921c3f89a6b80e62011cb651d0
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 867c55f4ea1be0c6b78ff00920a4c2595f469d295463bab3bf3d85d1cc2811dd
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 15918C7130560AEFD719DF24C885FEAB7A9FF44350F008629F999D2190DB30AA95CBA1
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • GetClassNameW.USER32(?,?,00000400), ref: 00914994
                                                                                                                                                                                                                                                                                                                                                          • GetWindowTextW.USER32(?,?,00000400), ref: 009149DA
                                                                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 009149EB
                                                                                                                                                                                                                                                                                                                                                          • CharUpperBuffW.USER32(?,00000000), ref: 009149F7
                                                                                                                                                                                                                                                                                                                                                          • _wcsstr.LIBVCRUNTIME ref: 00914A2C
                                                                                                                                                                                                                                                                                                                                                          • GetClassNameW.USER32(00000018,?,00000400), ref: 00914A64
                                                                                                                                                                                                                                                                                                                                                          • GetWindowTextW.USER32(?,?,00000400), ref: 00914A9D
                                                                                                                                                                                                                                                                                                                                                          • GetClassNameW.USER32(00000018,?,00000400), ref: 00914AE6
                                                                                                                                                                                                                                                                                                                                                          • GetClassNameW.USER32(?,?,00000400), ref: 00914B20
                                                                                                                                                                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 00914B8B
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
                                                                                                                                                                                                                                                                                                                                                          • String ID: ThumbnailClass
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1311036022-1241985126
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 03185400b10031263cbb8ee278da92d72edebd1b3bcba1280b05c3a2e8ba2bd4
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 8e6125bb2ada47626e176df3026b056907d3996598adcb27af37e41ca0869590
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 03185400b10031263cbb8ee278da92d72edebd1b3bcba1280b05c3a2e8ba2bd4
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F2919F712482099FDB04CF14C985FEA77ACFF88354F04846AFD859A195DB30ED85CBA1
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008C9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 008C9BB2
                                                                                                                                                                                                                                                                                                                                                          • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00948D5A
                                                                                                                                                                                                                                                                                                                                                          • GetFocus.USER32 ref: 00948D6A
                                                                                                                                                                                                                                                                                                                                                          • GetDlgCtrlID.USER32(00000000), ref: 00948D75
                                                                                                                                                                                                                                                                                                                                                          • DefDlgProcW.USER32(?,00000111,?,?,00000000,?,?,?,?,?,?,?), ref: 00948E1D
                                                                                                                                                                                                                                                                                                                                                          • GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 00948ECF
                                                                                                                                                                                                                                                                                                                                                          • GetMenuItemCount.USER32(?), ref: 00948EEC
                                                                                                                                                                                                                                                                                                                                                          • GetMenuItemID.USER32(?,00000000), ref: 00948EFC
                                                                                                                                                                                                                                                                                                                                                          • GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 00948F2E
                                                                                                                                                                                                                                                                                                                                                          • GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 00948F70
                                                                                                                                                                                                                                                                                                                                                          • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00948FA1
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
                                                                                                                                                                                                                                                                                                                                                          • String ID: 0
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1026556194-4108050209
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: bd8e7ac98c3d8c045ad7437963182db8885c324b1b8050878654377f5e3426cd
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: b00df5dd67352a168f8e9586837918ab4cf2cdecd9e0743330b6a5f43de422dd
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bd8e7ac98c3d8c045ad7437963182db8885c324b1b8050878654377f5e3426cd
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CB81AD71508301AFDB20DF24D884EAFBBE9FB89714F040A59F98497291DB30D905DBA2
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • GetFileVersionInfoSizeW.VERSION(?,?), ref: 0091DC20
                                                                                                                                                                                                                                                                                                                                                          • GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 0091DC46
                                                                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0091DC50
                                                                                                                                                                                                                                                                                                                                                          • _wcsstr.LIBVCRUNTIME ref: 0091DCA0
                                                                                                                                                                                                                                                                                                                                                          • VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 0091DCBC
                                                                                                                                                                                                                                                                                                                                                          Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: FileInfoVersion$QuerySizeValue_wcslen_wcsstr
• String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
• API String ID: 1939486746-1459072770
• Opcode ID: 2e1c1ad721b17b37c1c407539bf34958d337813ea3b55fb6656ffdefe8ee4ceb
• Instruction ID: 6df8bbf99c6618de790b41ba1eacf55dff1887261aea0c27aae8e3c99c81b16c
• Opcode Fuzzy Hash: 2e1c1ad721b17b37c1c407539bf34958d337813ea3b55fb6656ffdefe8ee4ceb
• Instruction Fuzzy Hash: 6C410472A412047AEB00A769AC43EFF377CEF52710F10456AFA05E6283EB74D90097A6
APIs
• RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0093CC64
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 0093CC8D
• FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0093CD48
  • Part of subcall function 0093CC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 0093CCAA
  • Part of subcall function 0093CC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 0093CCBD
  • Part of subcall function 0093CC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0093CCCF
  • Part of subcall function 0093CC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0093CD05
  • Part of subcall function 0093CC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0093CD28
• RegDeleteKeyW.ADVAPI32(?,?), ref: 0093CCF3
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
• String ID: RegDeleteKeyExW$advapi32.dll
• API String ID: 2734957052-4033151799
• Opcode ID: fe54016dff0cbddff6b4351aad871d89c21ba9446945ffe7153db4533a463ffa
• Instruction ID: 63312579d9b07fc4a49f35ffc86f657e9078b1656e585812a00884563e3e66fa
• Opcode Fuzzy Hash: fe54016dff0cbddff6b4351aad871d89c21ba9446945ffe7153db4533a463ffa
• Instruction Fuzzy Hash: 5A318EB5902128BFDB208B90DC88EFFBB7CEF46740F000565B915E2240DB349A45EBA0
APIs
• GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00923D40
• _wcslen.LIBCMT ref: 00923D6D
• CreateDirectoryW.KERNEL32(?,00000000), ref: 00923D9D
• CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00923DBE
• RemoveDirectoryW.KERNEL32(?), ref: 00923DCE
• DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00923E55
• CloseHandle.KERNEL32(00000000), ref: 00923E60
• CloseHandle.KERNEL32(00000000), ref: 00923E6B
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
• String ID: :$\$\??\%s
• API String ID: 1149970189-3457252023
• Opcode ID: 170786197b187ce2dc79902ec4f6824ed576f45464b28cd7460e0f4e6519f11d
• Instruction ID: 7a8aa726a6e8b72a8878e83547750e31901b1841f5b92bbf4a66d4b6d861d6b8
• Opcode Fuzzy Hash: 170786197b187ce2dc79902ec4f6824ed576f45464b28cd7460e0f4e6519f11d
• Instruction Fuzzy Hash: 3C31B4B6A14219ABDB209FA4DC49FEF37BCEF89700F1081B5F509D61A4E77497448B24
APIs
• timeGetTime.WINMM ref: 0091E6B4
  • Part of subcall function 008CE551: timeGetTime.WINMM(?,?,0091E6D4), ref: 008CE555
• Sleep.KERNEL32(0000000A), ref: 0091E6E1
• EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 0091E705
• FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 0091E727
• SetActiveWindow.USER32 ref: 0091E746
• SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 0091E754
• SendMessageW.USER32(00000010,00000000,00000000), ref: 0091E773
• Sleep.KERNEL32(000000FA), ref: 0091E77E
• IsWindow.USER32 ref: 0091E78A
• EndDialog.USER32(00000000), ref: 0091E79B
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                                                                                                                                                                                                                                                                                                          • String ID: BUTTON
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1194449130-3405671355
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 9bbf3d59395688b5d3f5d262f032886e4b4e338cff4ff71e2a325c20440f82a7
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: f3a3881233ffba06540dbd4470a5d21de535af9d249d44d2505ab53739cc0430
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9bbf3d59395688b5d3f5d262f032886e4b4e338cff4ff71e2a325c20440f82a7
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 562196B4329209AFFB005F20EC89F693BADF796789F544426FD15812A1EB71AC40AB14
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008B9CB3: _wcslen.LIBCMT ref: 008B9CBD
                                                                                                                                                                                                                                                                                                                                                          • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 0091EA5D
                                                                                                                                                                                                                                                                                                                                                          • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 0091EA73
                                                                                                                                                                                                                                                                                                                                                          • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0091EA84
                                                                                                                                                                                                                                                                                                                                                          • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 0091EA96
                                                                                                                                                                                                                                                                                                                                                          • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 0091EAA7
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: SendString$_wcslen
                                                                                                                                                                                                                                                                                                                                                          • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2420728520-1007645807
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 20cfc01c9a0b1179922da23373e7825fadc7a57a10716784a93e985f62075e61
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 2613ae6e384c827ef52ef0152056235d3b53dd6c500d6232eaa6e4a1865463d2
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 20cfc01c9a0b1179922da23373e7825fadc7a57a10716784a93e985f62075e61
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C8119E32A9022D79D720A7A5DC4AEFF6EBCFFD1F04F404429B905E21D1EAB00A48C5B1
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,00000001), ref: 00915CE2
                                                                                                                                                                                                                                                                                                                                                          • GetWindowRect.USER32(00000000,?), ref: 00915CFB
                                                                                                                                                                                                                                                                                                                                                          • MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 00915D59
                                                                                                                                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,00000002), ref: 00915D69
                                                                                                                                                                                                                                                                                                                                                          • GetWindowRect.USER32(00000000,?), ref: 00915D7B
                                                                                                                                                                                                                                                                                                                                                          • MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00915DCF
                                                                                                                                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003E9), ref: 00915DDD
                                                                                                                                                                                                                                                                                                                                                          • GetWindowRect.USER32(00000000,?), ref: 00915DEF
                                                                                                                                                                                                                                                                                                                                                          • MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00915E31
                                                                                                                                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003EA), ref: 00915E44
                                                                                                                                                                                                                                                                                                                                                          • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00915E5A
                                                                                                                                                                                                                                                                                                                                                          • InvalidateRect.USER32(?,00000000,00000001), ref: 00915E67
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Window$ItemMoveRect$Invalidate
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3096461208-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 6f131f18abdc15d68a585e1e62b65a352d7f37bd19bfbb3c9db4ee7ecd65ceeb
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 13b2b4b29ee5adec68e2f447550c7efd6e2d39157bbc35446db2c2fca972a0ee
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6f131f18abdc15d68a585e1e62b65a352d7f37bd19bfbb3c9db4ee7ecd65ceeb
• Instruction Fuzzy Hash: CD512FB4B10609AFDF18CF68DD89EAE7BB9FB89300F518129F915E6290D7709E40CB50
APIs
  • Part of subcall function 008C8F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,008C8BE8,?,00000000,?,?,?,?,008C8BBA,00000000,?), ref: 008C8FC5
• DestroyWindow.USER32(?), ref: 008C8C81
• KillTimer.USER32(00000000,?,?,?,?,008C8BBA,00000000,?), ref: 008C8D1B
• DestroyAcceleratorTable.USER32(00000000), ref: 00906973
• ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,008C8BBA,00000000,?), ref: 009069A1
• ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,008C8BBA,00000000,?), ref: 009069B8
• ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,008C8BBA,00000000), ref: 009069D4
• DeleteObject.GDI32(00000000), ref: 009069E6
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
• String ID:
• API String ID: 641708696-0
• Opcode ID: 1feb739dc8674761aab8e407479833d0d5fcdde66e63fc8e2a7aa9610841dd47
• Instruction ID: cf2ac524c7c46c20db28ff975ebe1a8f0ac7ede49ab4cfaa07b01391380e66ac
• Opcode Fuzzy Hash: 1feb739dc8674761aab8e407479833d0d5fcdde66e63fc8e2a7aa9610841dd47
• Instruction Fuzzy Hash: A9619831126604DFCB659F18E948F2A77F5FB51316F10451CE0429BAA0CB36ED91EFA4
APIs
  • Part of subcall function 008C9944: GetWindowLongW.USER32(?,000000EB), ref: 008C9952
• GetSysColor.USER32(0000000F), ref: 008C9862
Similarity
• API ID: ColorLongWindow
• String ID:
• API String ID: 259745315-0
• Opcode ID: 8abcebf84426082352b2913c967b3941b472d5ea6b38057163db60296ef89c21
• Instruction ID: b3606874a411e36665b2bedf7ead19bd725ee69b4e0e216b9248873f05304f30
• Opcode Fuzzy Hash: 8abcebf84426082352b2913c967b3941b472d5ea6b38057163db60296ef89c21
• Instruction Fuzzy Hash: FE418D75509644AEDB205B389C88FB93BB9FB07330F1446A9F9E2871E2C631D942EB10
APIs
• GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,008FF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 00919717
• LoadStringW.USER32(00000000,?,008FF7F8,00000001), ref: 00919720
  • Part of subcall function 008B9CB3: _wcslen.LIBCMT ref: 008B9CBD
• GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,008FF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 00919742
• LoadStringW.USER32(00000000,?,008FF7F8,00000001), ref: 00919745
• MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 00919866
Strings
Similarity
• API ID: HandleLoadModuleString$Message_wcslen
• String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
• API String ID: 747408836-2268648507
• Opcode ID: cfdd0bb5905f9c4894606ffc16a214a741f290f5678ccfafcecbd59fb5d8693e
• Instruction ID: 25f11b5e6a99159ca11f519a1fd2a0adcd74f6cc813f81cb829b88bd119059a6
• Opcode Fuzzy Hash: cfdd0bb5905f9c4894606ffc16a214a741f290f5678ccfafcecbd59fb5d8693e
• Instruction Fuzzy Hash: 83414E7290420DAACB04EBE4DD96EEE7778FF55340F600065F605B2292EB356F48CB62
APIs
  • Part of subcall function 008B6B57: _wcslen.LIBCMT ref: 008B6B6A
• WNetAddConnection2W.MPR(?,?,?,00000000), ref: 009107A2
• RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 009107BE
• RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 009107DA
• RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00910804
• CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 0091082C
• RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00910837
• RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 0091083C
Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
                                                                                                                                                                                                                                                                                                                                                          • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 323675364-22481851
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: de5b63c9a8ddcca69bcf3e3b21cd8d2b822ba9590bbb86f1462b3c2c94b946f1
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 620eeb1db251db7af7df526cff2c6382ab9e5a69724d69ad68662a4949950296
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: de5b63c9a8ddcca69bcf3e3b21cd8d2b822ba9590bbb86f1462b3c2c94b946f1
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3C412772D1422CABDF15EBA8DC85CEEB778FF44350F454129E901A32A1EB71AE44CB91
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 00933C5C
                                                                                                                                                                                                                                                                                                                                                          • CoInitialize.OLE32(00000000), ref: 00933C8A
                                                                                                                                                                                                                                                                                                                                                          • CoUninitialize.OLE32 ref: 00933C94
                                                                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00933D2D
                                                                                                                                                                                                                                                                                                                                                          • GetRunningObjectTable.OLE32(00000000,?), ref: 00933DB1
                                                                                                                                                                                                                                                                                                                                                          • SetErrorMode.KERNEL32(00000001,00000029), ref: 00933ED5
                                                                                                                                                                                                                                                                                                                                                          • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00933F0E
                                                                                                                                                                                                                                                                                                                                                          • CoGetObject.OLE32(?,00000000,0094FB98,?), ref: 00933F2D
                                                                                                                                                                                                                                                                                                                                                          • SetErrorMode.KERNEL32(00000000), ref: 00933F40
                                                                                                                                                                                                                                                                                                                                                          • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00933FC4
                                                                                                                                                                                                                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 00933FD8
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 429561992-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 3f8b9fca903b76fb7fb6a55c4129fe7a977bbf08bd2f8ccc56bfc419ec0c6f02
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 5108326af5830df350e3af5903c74368825fe00762d854160e59cef3aed1c389
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3f8b9fca903b76fb7fb6a55c4129fe7a977bbf08bd2f8ccc56bfc419ec0c6f02
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 77C134B16083059FD710DF68C88492BBBE9FF89744F10891DF98A9B260D731EE45CB52
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • CoInitialize.OLE32(00000000), ref: 00927AF3
                                                                                                                                                                                                                                                                                                                                                          • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00927B8F
                                                                                                                                                                                                                                                                                                                                                          • SHGetDesktopFolder.SHELL32(?), ref: 00927BA3
                                                                                                                                                                                                                                                                                                                                                          • CoCreateInstance.OLE32(0094FD08,00000000,00000001,00976E6C,?), ref: 00927BEF
                                                                                                                                                                                                                                                                                                                                                          • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00927C74
                                                                                                                                                                                                                                                                                                                                                          • CoTaskMemFree.OLE32(?,?), ref: 00927CCC
                                                                                                                                                                                                                                                                                                                                                          • SHBrowseForFolderW.SHELL32(?), ref: 00927D57
                                                                                                                                                                                                                                                                                                                                                          • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00927D7A
                                                                                                                                                                                                                                                                                                                                                          • CoTaskMemFree.OLE32(00000000), ref: 00927D81
                                                                                                                                                                                                                                                                                                                                                          • CoTaskMemFree.OLE32(00000000), ref: 00927DD6
                                                                                                                                                                                                                                                                                                                                                          • CoUninitialize.OLE32 ref: 00927DDC
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2762341140-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: fdaeb6881da0a6be64b8eb88391f27d9ab93b854477a63dd156f60e012287312
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 512265143451543a00779141f8f23b14a2d4a8e039b1879edbd0841eb86ebf9b
• Opcode Fuzzy Hash: fdaeb6881da0a6be64b8eb88391f27d9ab93b854477a63dd156f60e012287312
• Instruction Fuzzy Hash: EBC13C75A04119AFCB14DFA4D894DAEBBF9FF48304B148499E81AEB361D730ED41CB90
APIs
• SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00945504
• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00945515
• CharNextW.USER32(00000158), ref: 00945544
• SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00945585
• SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 0094559B
• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 009455AC
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: MessageSend$CharNext
• String ID:
• API String ID: 1350042424-0
• Opcode ID: 2c58ea0b2a77a18a6d0836f08aa18929ad72023938182ae44f211bb65265f9a6
• Instruction ID: 4c86d17ecff5a692c382875c7e83861b030dee82908072e9ba44f2e0c36b0885
• Opcode Fuzzy Hash: 2c58ea0b2a77a18a6d0836f08aa18929ad72023938182ae44f211bb65265f9a6
• Instruction Fuzzy Hash: 1C61B074904609EFDF109FE4CC84EFE7BB9EB06320F118545F925AB2A2D7748A80DB60
APIs
• SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 0090FAAF
• SafeArrayAllocData.OLEAUT32(?), ref: 0090FB08
• VariantInit.OLEAUT32(?), ref: 0090FB1A
• SafeArrayAccessData.OLEAUT32(?,?), ref: 0090FB3A
• VariantCopy.OLEAUT32(?,?), ref: 0090FB8D
• SafeArrayUnaccessData.OLEAUT32(?), ref: 0090FBA1
• VariantClear.OLEAUT32(?), ref: 0090FBB6
• SafeArrayDestroyData.OLEAUT32(?), ref: 0090FBC3
• SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0090FBCC
• VariantClear.OLEAUT32(?), ref: 0090FBDE
• SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0090FBE9
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
• String ID:
• API String ID: 2706829360-0
• Opcode ID: e1355b59f68096b209139062e15aeeadb2c6a4dfe77862d95c6e1bda986803fb
• Instruction ID: 27a03bbe8f6a1482a36d235131daccb5838695250d0188546e6b5b7af648de7f
• Opcode Fuzzy Hash: e1355b59f68096b209139062e15aeeadb2c6a4dfe77862d95c6e1bda986803fb
• Instruction Fuzzy Hash: D6415175A04219DFCB14DF68D864DADBBB9FF48354F008069F905A72A1DB34EA45CFA0
APIs
• GetKeyboardState.USER32(?), ref: 00919CA1
• GetAsyncKeyState.USER32(000000A0), ref: 00919D22
• GetKeyState.USER32(000000A0), ref: 00919D3D
• GetAsyncKeyState.USER32(000000A1), ref: 00919D57
• GetKeyState.USER32(000000A1), ref: 00919D6C
• GetAsyncKeyState.USER32(00000011), ref: 00919D84
• GetKeyState.USER32(00000011), ref: 00919D96
• GetAsyncKeyState.USER32(00000012), ref: 00919DAE
• GetKeyState.USER32(00000012), ref: 00919DC0
• GetAsyncKeyState.USER32(0000005B), ref: 00919DD8
• GetKeyState.USER32(0000005B), ref: 00919DEA
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: State$Async$Keyboard
• String ID:
• API String ID: 541375521-0
• Opcode ID: 0f7d3d7fdb9449eb377e8844783918134112258e939878d1f8516237c2eaa9f6
• Instruction ID: f626d122b572d0905f7537e860964a2c903d391713a577112a4ebc4f4a465cb8
• Opcode Fuzzy Hash: 0f7d3d7fdb9449eb377e8844783918134112258e939878d1f8516237c2eaa9f6
• Instruction Fuzzy Hash: 5C41E8387087CD6DFF308760D4243F5BEE86B12304F08805AEAC6566C2D7A499C4C7A2
APIs
• WSAStartup.WSOCK32(00000101,?), ref: 009305BC
• inet_addr.WSOCK32(?), ref: 0093061C
• gethostbyname.WSOCK32(?), ref: 00930628
• IcmpCreateFile.IPHLPAPI ref: 00930636
• IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 009306C6
                                                                                                                                                                                                                                                                                                                                                          • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 009306E5
                                                                                                                                                                                                                                                                                                                                                          • IcmpCloseHandle.IPHLPAPI(?), ref: 009307B9
                                                                                                                                                                                                                                                                                                                                                          • WSACleanup.WSOCK32 ref: 009307BF
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                                                                                                                                                                                                                                                                                                          • String ID: Ping
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1028309954-2246546115
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 4bfae51c5735ed47266177c73376bba5007296a5d541cc873e3359176f5cb5ff
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: bf0f70020e587dc472a91b35e0bd1af5e66c5fd6b38536b94b34c43f4af100d2
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4bfae51c5735ed47266177c73376bba5007296a5d541cc873e3359176f5cb5ff
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4C917C756082019FD320DF19C899F1ABBE4EF84318F1485A9F46A8B7A2C774ED45CF92
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: _wcslen$BuffCharLower
                                                                                                                                                                                                                                                                                                                                                          • String ID: cdecl$none$stdcall$winapi
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 707087890-567219261
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 4f4306d2d6b1ac969d8975100c2f66d465e854ab4708188b96689531849ef143
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: d9a8f771a1aee89f8e9baf771597dbb325de3965381226219fef7133ad17ac7a
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4f4306d2d6b1ac969d8975100c2f66d465e854ab4708188b96689531849ef143
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 09518F32A042169BCB24EF6CC9509BFB7A9BF64724F214629F426E73C4DB35DD408B91
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • CoInitialize.OLE32 ref: 00933774
                                                                                                                                                                                                                                                                                                                                                          • CoUninitialize.OLE32 ref: 0093377F
                                                                                                                                                                                                                                                                                                                                                          • CoCreateInstance.OLE32(?,00000000,00000017,0094FB78,?), ref: 009337D9
                                                                                                                                                                                                                                                                                                                                                          • IIDFromString.OLE32(?,?), ref: 0093384C
                                                                                                                                                                                                                                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 009338E4
                                                                                                                                                                                                                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 00933936
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                                                                                                                                                                                                                                                                                                                          • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 636576611-1287834457
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: a22ca6faa39551ccaf7433411713b4ddac8a9d4178c7c6e4f751ef88654c7b1d
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: bbb5dfd01e0e331168aa3200e1b57f317c3a2d4e5415dd2a22a67c8fdca19334
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a22ca6faa39551ccaf7433411713b4ddac8a9d4178c7c6e4f751ef88654c7b1d
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1F619DB5648301AFD310DF54C889F5AB7E8EF89714F008919F9859B291C774EE48CB92
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • GetLocalTime.KERNEL32(?), ref: 00928257
                                                                                                                                                                                                                                                                                                                                                          • SystemTimeToFileTime.KERNEL32(?,?), ref: 00928267
• LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00928273
• GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00928310
• SetCurrentDirectoryW.KERNEL32(?), ref: 00928324
• SetCurrentDirectoryW.KERNEL32(?), ref: 00928356
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 0092838C
• SetCurrentDirectoryW.KERNEL32(?), ref: 00928395
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: CurrentDirectoryTime$File$Local$System
• String ID: *.*
• API String ID: 1464919966-438819550
• Opcode ID: fc405808ecf0982d450abfe419baa7da1d60cea17cb9d6f70a9a180a51dbc53f
• Instruction ID: a8fdb3670f0a3b70f268716afafd5dd687d0ed9bc67c5aba1a24aef52403a633
• Opcode Fuzzy Hash: fc405808ecf0982d450abfe419baa7da1d60cea17cb9d6f70a9a180a51dbc53f
• Instruction Fuzzy Hash: 886146B25083159FCB10EF64D8409AFB3E8FF89314F04892AF999C7251EB75E945CB92
APIs
• LoadStringW.USER32(00000066,?,00000FFF,?), ref: 009233CF
  • Part of subcall function 008B9CB3: _wcslen.LIBCMT ref: 008B9CBD
• LoadStringW.USER32(00000072,?,00000FFF,?), ref: 009233F0
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: LoadString$_wcslen
• String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
• API String ID: 4099089115-3080491070
• Opcode ID: f9869c744ed566af487f1d4b2f86dfc0d67ea73974ef5ffef698149b18c2d1f0
• Instruction ID: 377071cd2b1f8b5f8ea9b51cb3a4bf3480b321f666393c67e0253b50c79a09b8
• Opcode Fuzzy Hash: f9869c744ed566af487f1d4b2f86dfc0d67ea73974ef5ffef698149b18c2d1f0
• Instruction Fuzzy Hash: D351B372904219AADF14EBA4DD52EEEB778FF04304F108065F109B2262EB356F58DB61
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: _wcslen$BuffCharUpper
• String ID: APPEND$EXISTS$KEYS$REMOVE
• API String ID: 1256254125-769500911
• Opcode ID: 7ea73b1f036d05827b99c74fa64ffb28c884d6111710405941b08b74c3a00f70
• Instruction ID: 7bca06afca7ab9f7ff1759a8b646ec2a03cd742679f03590629242ac9de59949
• Opcode Fuzzy Hash: 7ea73b1f036d05827b99c74fa64ffb28c884d6111710405941b08b74c3a00f70
• Instruction Fuzzy Hash: 8441E732B0012A9BCB205F7DC9A05FE77AABBB07E4B244229E565D7284E735CDC1C790
APIs
• SetErrorMode.KERNEL32(00000001), ref: 009253A0
• GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00925416
• GetLastError.KERNEL32 ref: 00925420
• SetErrorMode.KERNEL32(00000000,READY), ref: 009254A7
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: Error$Mode$DiskFreeLastSpace
• String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
• API String ID: 4194297153-14809454
• Opcode ID: a6ad1b9bdef57506b0d214e310381be4e14393c8b1e091ecee15b9b8811f861e
• Instruction ID: 3a666c3f158eb2b6d925cc2573c2fc6c041344ac5f69e563e0eb7982a9dd5d7d
• Opcode Fuzzy Hash: a6ad1b9bdef57506b0d214e310381be4e14393c8b1e091ecee15b9b8811f861e
• Instruction Fuzzy Hash: FE31F075A006149FC710EF68D884FAABBB8FF05305F158066E505CB3A6D730DD86CB91
APIs
• CreateMenu.USER32 ref: 00943C79
• SetMenu.USER32(?,00000000), ref: 00943C88
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00943D10
• IsMenu.USER32(?), ref: 00943D24
• CreatePopupMenu.USER32 ref: 00943D2E
• InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00943D5B
• DrawMenuBar.USER32 ref: 00943D63
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: Menu$CreateItem$DrawInfoInsertPopup
• String ID: 0$F
• API String ID: 161812096-3044882817
• Opcode ID: d9c65abec0f76ed9d426823e0bf386e92761931d5cc4793b89d5844f4114acf9
• Instruction ID: 1812fd03baf0a8cc382cc5c3f033c765bd6e022f43a17ccbf8274d7dfa3bef97
• Opcode Fuzzy Hash: d9c65abec0f76ed9d426823e0bf386e92761931d5cc4793b89d5844f4114acf9
• Instruction Fuzzy Hash: E2416BB9A15209AFDB14CF64D884EAE7BB9FF49350F144029F946973A0D731AA10DF90
APIs
• SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00943A9D
• SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00943AA0
• GetWindowLongW.USER32(?,000000F0), ref: 00943AC7
• SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00943AEA
• SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00943B62
• SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00943BAC
• SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00943BC7
• SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00943BE2
• SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00943BF6
• SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00943C13
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: MessageSend$LongWindow
• String ID:
• API String ID: 312131281-0
• Opcode ID: 0625985971ee6af39c27e0dc7549800d591595497865748fde3865ee6df8979e
• Instruction ID: 39c2c9410e9509f61cd50192084108eae91586172e060cd7b714b80122888210
• Opcode Fuzzy Hash: 0625985971ee6af39c27e0dc7549800d591595497865748fde3865ee6df8979e
• Instruction Fuzzy Hash: F7616775A00208AFDB20DFA8CC81EEE77B8EB49710F104199FA15E73A1D774AA46DF50
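The SendMessageW listing above and the GetForegroundWindow / GetWindowThreadProcessId / AttachThreadInput listing in the next function are raw call references; what an analyst wants from them is the message constants named (so the block reads as ListView housekeeping) and the focus-attach call order recognized for what it is. The Python below is a triage helper added for this page, not part of the Joe Sandbox report or of the sample. It parses lines in the report's "APIs" format (the sample input is copied from the two listings on this page), names the ListView messages using LVM_* values taken from the commctrl.h header (an assumption about the SDK, not something the report states), and checks a call sequence for the foreground-thread input-attach order.

```python
"""Triage helper for Joe Sandbox "APIs" function listings (added example)."""
import re
from typing import Dict, List, Optional

# Sample input: API listings copied from this report so the helper runs offline.
# Constructed test data, not live sandbox output.
LISTVIEW_BLOCK = """
• SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00943A9D
• SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00943AA0
• GetWindowLongW.USER32(?,000000F0), ref: 00943AC7
• SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00943AEA
• SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00943B62
• SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00943BAC
• SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00943BC7
• SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00943BE2
• SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00943BF6
• SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00943C13
"""

FOCUS_BLOCK = """
• GetCurrentThreadId.KERNEL32 ref: 0091B151
• GetForegroundWindow.USER32(00000000,?,?,?,?,?,0091A1E1,?,00000001), ref: 0091B165
• GetWindowThreadProcessId.USER32(00000000), ref: 0091B16C
• AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,0091A1E1,?,00000001), ref: 0091B17B
"""

# ListView message numbers from commctrl.h (LVM_FIRST = 0x1000). Only the values seen
# in this report are tabled; assumed from the SDK header, not stated by the report.
LVM_FIRST = 0x1000
LVM_NAMES: Dict[int, str] = {
    LVM_FIRST + 4: "LVM_GETITEMCOUNT",
    LVM_FIRST + 8: "LVM_DELETEITEM",
    LVM_FIRST + 29: "LVM_GETCOLUMNWIDTH",
    LVM_FIRST + 30: "LVM_SETCOLUMNWIDTH",
    LVM_FIRST + 31: "LVM_GETHEADER",
    LVM_FIRST + 77: "LVM_INSERTITEMW",
    LVM_FIRST + 87: "LVM_GETSTRINGWIDTHW",
    LVM_FIRST + 116: "LVM_SETITEMTEXTW",
}

# One listing line: "• Api.MODULE(arg,arg,...), ref: ADDR". The argument list is
# optional, e.g. "• CreateMenu.USER32 ref: 00943C79".
CALL_RE = re.compile(
    r"^\s*[•*-]?\s*(?P<api>\w+)\.(?P<mod>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"
)
HEX_RE = re.compile(r"[0-9A-Fa-f]+")


def parse_args(raw: Optional[str]) -> List[Optional[int]]:
    """Hex arguments become ints; '?' (not recovered by the sandbox) becomes None."""
    if not raw:
        return []
    return [int(a, 16) if HEX_RE.fullmatch(a.strip()) else None for a in raw.split(",")]


def parse_calls(block: str) -> List[dict]:
    calls = []
    for line in block.splitlines():
        m = CALL_RE.match(line)
        if m:
            calls.append({"api": m["api"], "module": m["mod"],
                          "args": parse_args(m["args"]), "ref": int(m["ref"], 16)})
    return calls


def decode_message(call: dict) -> Optional[str]:
    """Name the Msg (2nd argument) of a Send/PostMessage call if it is a ListView message."""
    if call["api"] not in ("SendMessageW", "SendMessageA", "PostMessageW", "PostMessageA"):
        return None
    args = call["args"]
    if len(args) < 2 or args[1] is None:
        return None  # argument shown as '?': do not guess
    msg = args[1]
    if msg in LVM_NAMES:
        return LVM_NAMES[msg]
    if LVM_FIRST <= msg < LVM_FIRST + 0x100:
        return f"LVM_FIRST+{msg - LVM_FIRST}"  # ListView range, not in the short table
    return None


def decoded_messages(block: str) -> List[str]:
    return [n for n in (decode_message(c) for c in parse_calls(block)) if n]


# Order in which a process attaches its input queue to the foreground window's thread,
# the Win32 prerequisite for focus/foreground changes made from another process.
FOCUS_CHAIN = ("GetForegroundWindow", "GetWindowThreadProcessId", "AttachThreadInput")


def has_focus_chain(block: str) -> bool:
    """True if FOCUS_CHAIN appears in order (other calls may sit between them)."""
    names = [c["api"] for c in parse_calls(block)]
    pos = 0
    for want in FOCUS_CHAIN:
        if want not in names[pos:]:
            return False
        pos = names.index(want, pos) + 1
    return True


if __name__ == "__main__":
    for call in parse_calls(LISTVIEW_BLOCK):
        print(f"{call['ref']:08X} {call['api']:<20} {decode_message(call) or ''}")
    print("focus-attach chain in ListView block:", has_focus_chain(LISTVIEW_BLOCK))
    print("focus-attach chain in AttachThreadInput block:", has_focus_chain(FOCUS_BLOCK))
```

Two details matter when using this on other listings. The second SendMessageW line on this page has its message argument shown as "?" (the sandbox's argument recovery shifted by one slot), and the decoder returns None for it rather than guessing; and the LVM table is deliberately limited to values present in this report, so anything else in the 0x1000 range is reported only as an offset from LVM_FIRST for the analyst to look up.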
APIs
• GetCurrentThreadId.KERNEL32 ref: 0091B151
• GetForegroundWindow.USER32(00000000,?,?,?,?,?,0091A1E1,?,00000001), ref: 0091B165
• GetWindowThreadProcessId.USER32(00000000), ref: 0091B16C
• AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,0091A1E1,?,00000001), ref: 0091B17B
• GetWindowThreadProcessId.USER32(?,00000000), ref: 0091B18D
• AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,0091A1E1,?,00000001), ref: 0091B1A6
• AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,0091A1E1,?,00000001), ref: 0091B1B8
• AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,0091A1E1,?,00000001), ref: 0091B1FD
• AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,0091A1E1,?,00000001), ref: 0091B212
• AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,0091A1E1,?,00000001), ref: 0091B21D
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: Thread$AttachInput$Window$Process$CurrentForeground
• String ID:
• API String ID: 2156557900-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 411a127842f9f426bd3804aad27a0bcd5b22201e5cdd018dddc8fab297193253
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: cef91aa61a4a2751579bbb090666c758abccd4af926839374e040c8077d17da0
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 411a127842f9f426bd3804aad27a0bcd5b22201e5cdd018dddc8fab297193253
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9031F2B5228208BFDB109F64DC58FAD7BAEBB22711F118404FA11D6290C7B49E809F20
APIs
• _free.LIBCMT ref: 008E2C94
  • Part of subcall function 008E29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,008ED7D1,00000000,00000000,00000000,00000000,?,008ED7F8,00000000,00000007,00000000,?,008EDBF5,00000000), ref: 008E29DE
  • Part of subcall function 008E29C8: GetLastError.KERNEL32(00000000,?,008ED7D1,00000000,00000000,00000000,00000000,?,008ED7F8,00000000,00000007,00000000,?,008EDBF5,00000000,00000000), ref: 008E29F0
• _free.LIBCMT ref: 008E2CA0
• _free.LIBCMT ref: 008E2CAB
• _free.LIBCMT ref: 008E2CB6
• _free.LIBCMT ref: 008E2CC1
• _free.LIBCMT ref: 008E2CCC
• _free.LIBCMT ref: 008E2CD7
• _free.LIBCMT ref: 008E2CE2
• _free.LIBCMT ref: 008E2CED
• _free.LIBCMT ref: 008E2CFB
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: 219c0598f66e2667afd0a73df992256c68ad173b5bbd544707693630e48bae30
• Instruction ID: 9b85a252fce322638cca611359a4e1d9deeebebba65c05fa4e1b4d0d7c7ac6e4
• Opcode Fuzzy Hash: 219c0598f66e2667afd0a73df992256c68ad173b5bbd544707693630e48bae30
• Instruction Fuzzy Hash: DB119376100148BFCB02FF5AD882DDD3FA9FF06350F5254A5FA489B222DA35EA509B91
APIs
• GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00927FAD
• SetCurrentDirectoryW.KERNEL32(?), ref: 00927FC1
• GetFileAttributesW.KERNEL32(?), ref: 00927FEB
• SetFileAttributesW.KERNEL32(?,00000000), ref: 00928005
• SetCurrentDirectoryW.KERNEL32(?), ref: 00928017
• SetCurrentDirectoryW.KERNEL32(?), ref: 00928060
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 009280B0
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: CurrentDirectory$AttributesFile
• String ID: *.*
• API String ID: 769691225-438819550
• Opcode ID: 8191c0ad2aa8180d286241a234b7a466051e1c15ce09d4a262300caf5c5c0020
• Instruction ID: 5c550780428f95d40e170fc6fff597ed3b09faa684777a27a8b7cb91e68fa90b
• Opcode Fuzzy Hash: 8191c0ad2aa8180d286241a234b7a466051e1c15ce09d4a262300caf5c5c0020
• Instruction Fuzzy Hash: C881A0725082119BCB20EF54D8449AEF3E8FF89310F154C5EF885E7264EB74DD498B62
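The "APIs" entries above are the report's per-function call summaries: one bullet per resolved import, an optional "Part of subcall function" prefix for calls that sit in a callee, the argument column as the dump resolved it ("?" where it could not), and the call-site address after "ref:". Triaging a report this long by eye is error-prone, so the following Python, added here as an example and not part of the Joe Sandbox report or its IDA plugin, parses entries in that layout and flags functions that cover a whole API chain. The sample text is constructed from the entries on this page; the chain watchlist is a hypothetical triage heuristic and not a Joe Sandbox signature.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: three "APIs" entries transcribed in the report's layout.
# Not fetched from a live report.
SAMPLE = """\
APIs
• _free.LIBCMT ref: 008E2C94
  • Part of subcall function 008E29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,008ED7D1), ref: 008E29DE
  • Part of subcall function 008E29C8: GetLastError.KERNEL32(00000000,?,008ED7D1), ref: 008E29F0
• _free.LIBCMT ref: 008E2CA0
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
APIs
• GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00927FAD
• SetCurrentDirectoryW.KERNEL32(?), ref: 00927FC1
• GetFileAttributesW.KERNEL32(?), ref: 00927FEB
• SetFileAttributesW.KERNEL32(?,00000000), ref: 00928005
Strings
APIs
• SetWindowLongW.USER32(?,000000EB), ref: 008B5C7A
  • Part of subcall function 008B5D0A: GetClientRect.USER32(?,?), ref: 008B5D30
• GetDC.USER32 ref: 008F46F5
• SendMessageW.USER32(?,00000031,00000000,00000000), ref: 008F4708
• MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 008F47C4
"""

# One bullet of an "APIs" entry: optional subcall prefix, NAME.MODULE,
# optional "(args)", then the "ref:" call-site address.
CALL_RE = re.compile(
    r"^•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>\w+)\.(?P<mod>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$"
)


@dataclass(frozen=True)
class ApiCall:
    name: str               # e.g. "SetFileAttributesW"
    module: str             # e.g. "KERNEL32"
    args: tuple             # argument column as printed; "?" means unresolved
    ref: str                # call-site address in the dump
    subcall: Optional[str]  # callee address when the call is nested, else None


def parse_api_sections(text: str) -> list:
    """Return one list of ApiCall per "APIs" entry, in report order."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            current = []
            entries.append(current)
            continue
        if not line.startswith("•"):
            current = None  # any other header (Strings, Memory Dump Source) ends the entry
            continue
        if current is None:
            continue  # bullets that belong to another section
        m = CALL_RE.match(line)
        if m is None:
            continue  # malformed bullet: skip rather than guess
        args = tuple(a.strip() for a in m["args"].split(",")) if m["args"] else ()
        current.append(ApiCall(m["name"], m["mod"], args, m["ref"], m["sub"]))
    return entries


def api_names(entry: list, direct_only: bool = False) -> list:
    """Sorted, de-duplicated API names of one entry; optionally drop nested subcalls."""
    return sorted({c.name for c in entry if not (direct_only and c.subcall)})


# Hypothetical triage heuristic (an assumption, not a Joe Sandbox signature):
# an entry is flagged when it contains every API of a chain.
WATCHLIST = {
    "directory walk with attribute reset": {
        "GetCurrentDirectoryW", "SetCurrentDirectoryW",
        "GetFileAttributesW", "SetFileAttributesW",
    },
    "foreground input attach": {
        "AttachThreadInput", "GetForegroundWindow", "GetWindowThreadProcessId",
    },
}


def find_chains(entries: list, watchlist: dict = WATCHLIST) -> list:
    """(entry index, chain label) for every entry that covers a whole chain."""
    hits = []
    for i, entry in enumerate(entries):
        present = set(api_names(entry))
        for label, needed in watchlist.items():
            if needed <= present:
                hits.append((i, label))
    return hits


if __name__ == "__main__":
    parsed = parse_api_sections(SAMPLE)
    for i, entry in enumerate(parsed):
        print(i, api_names(entry))
    print(find_chains(parsed))
```

Run against the full report text, the watchlist hit on the second entry is the one worth reading first: SetFileAttributesW with a second argument of 00000000 clears every attribute (read-only, hidden, system) on the path before the function changes directory and enumerates "*.*", which is the string this entry carries. Arguments shown as "?" were not resolved by the dump and should not be treated as constants.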
APIs
• SetWindowLongW.USER32(?,000000EB), ref: 008B5C7A
  • Part of subcall function 008B5D0A: GetClientRect.USER32(?,?), ref: 008B5D30
  • Part of subcall function 008B5D0A: GetWindowRect.USER32(?,?), ref: 008B5D71
  • Part of subcall function 008B5D0A: ScreenToClient.USER32(?,?), ref: 008B5D99
• GetDC.USER32 ref: 008F46F5
• SendMessageW.USER32(?,00000031,00000000,00000000), ref: 008F4708
• SelectObject.GDI32(00000000,00000000), ref: 008F4716
• SelectObject.GDI32(00000000,00000000), ref: 008F472B
• ReleaseDC.USER32(?,00000000), ref: 008F4733
• MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 008F47C4
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                                                                                                                                                                                                                                                                                                                          • String ID: U
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 4009187628-3372436214
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 3ecfda1d672d78fee62495f763bd484280eececf2373f5a4fb65a8ca4754b879
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 11a9faa24d0f07c596d5e67ecadfe43dabf30fcca0c96e9098bd07cb305227dd
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3ecfda1d672d78fee62495f763bd484280eececf2373f5a4fb65a8ca4754b879
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1A71FE3440020DDFCF219F74C984AFA3BB6FF4A364F24526AEA51DA2A6C3318881DF50
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 009235E4
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008B9CB3: _wcslen.LIBCMT ref: 008B9CBD
                                                                                                                                                                                                                                                                                                                                                          • LoadStringW.USER32(00982390,?,00000FFF,?), ref: 0092360A
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: LoadString$_wcslen
                                                                                                                                                                                                                                                                                                                                                          • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 4099089115-2391861430
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 5ea7db4d91d9f2ed1569a27626471ee84132b9c6f983fdaf51e7a9b4e7c44269
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: e8bd05d0f479c65b54836b97a54f0d07c8a73baccf95cab79822a588a26fd424
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5ea7db4d91d9f2ed1569a27626471ee84132b9c6f983fdaf51e7a9b4e7c44269
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D0515F71900219BADF14EBA4DC52EEEBB78FF44304F148125F105B22A2EB355B99DF61
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008C9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 008C9BB2
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008C912D: GetCursorPos.USER32(?), ref: 008C9141
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008C912D: ScreenToClient.USER32(00000000,?), ref: 008C915E
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008C912D: GetAsyncKeyState.USER32(00000001), ref: 008C9183
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008C912D: GetAsyncKeyState.USER32(00000002), ref: 008C919D
                                                                                                                                                                                                                                                                                                                                                          • ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?,?,?,?), ref: 00948B6B
                                                                                                                                                                                                                                                                                                                                                          • ImageList_EndDrag.COMCTL32 ref: 00948B71
                                                                                                                                                                                                                                                                                                                                                          • ReleaseCapture.USER32 ref: 00948B77
                                                                                                                                                                                                                                                                                                                                                          • SetWindowTextW.USER32(?,00000000), ref: 00948C12
                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00948C25
                                                                                                                                                                                                                                                                                                                                                          • DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?,?,?,?), ref: 00948CFF
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
                                                                                                                                                                                                                                                                                                                                                          • String ID: @GUI_DRAGFILE$@GUI_DROPID
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1924731296-2107944366
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 7487724347f5701f3d7efbb6077354776b4b2a4d4349558f5fa38961ac02eed6
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 74f7d6f659bd3b9a3b2200d4494d2380152621b96787c1235535384121886a29
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7487724347f5701f3d7efbb6077354776b4b2a4d4349558f5fa38961ac02eed6
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 11518971109304AFD704EF24DC96FAE77E8FB88715F00062DF996A72A2DB719904DB62
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0092C272
                                                                                                                                                                                                                                                                                                                                                          • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0092C29A
                                                                                                                                                                                                                                                                                                                                                          • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0092C2CA
                                                                                                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 0092C322
                                                                                                                                                                                                                                                                                                                                                          • SetEvent.KERNEL32(?), ref: 0092C336
                                                                                                                                                                                                                                                                                                                                                          • InternetCloseHandle.WININET(00000000), ref: 0092C341
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
• String ID:
• API String ID: 3113390036-3916222277
• Opcode ID: 2f16ebd533f0b453a9ea1b7dbf89f116624de6c1805c41a04731d8ae08807773
• Instruction ID: 97bf45433a794fb0560f7ec0f2313f1c744fe125b81533e321eb51d5b5d3ff1b
• Instruction Fuzzy Hash: 3831A9F1605618AFD721DFA4AC88EAF7BFCEB4A740B10891EF44693204DB74DD049BA0
APIs
• GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,008F3AAF,?,?,Bad directive syntax error,0094CC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 009198BC
• LoadStringW.USER32(00000000,?,008F3AAF,?), ref: 009198C3
  • Part of subcall function 008B9CB3: _wcslen.LIBCMT ref: 008B9CBD
• MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00919987
Strings
Similarity
• API ID: HandleLoadMessageModuleString_wcslen
• String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
• API String ID: 858772685-4153970271
• Opcode ID: 013e685f74708811b950d7c68371aa8bd2d854cbc0faed0179ae6a4e468bbd30
• Instruction ID: 47217953b44e687e9d012f14f60d8e9e5b4bc21f508a516c5d014b8ae0ceb6d0
• Instruction Fuzzy Hash: 5F21943290421EBFCF15AF94CC16EEE7779FF18304F044469F619A51A2EB319658DB11
APIs
• GetParent.USER32 ref: 009120AB
• GetClassNameW.USER32(00000000,?,00000100), ref: 009120C0
• SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 0091214D
Strings
Similarity
• API ID: ClassMessageNameParentSend
• String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
• API String ID: 1290815626-3381328864
• Opcode ID: 1a2ada00d02258088b427a266eeb2d9a2228f2d9def10966f017b0a792c50269
• Instruction ID: 7306158e5a2ae6febac2c7ee728fe4a876e16e5cc9c2f5db7e2282ac945fc62f
• Instruction Fuzzy Hash: 16110A7B7CC70BBAF605B324DC06DFA379CDB06328B215117FB08E51D1FAA558915514
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: fd5108f8cd1bb036424faae603997d2163d41b37ee8749a70a5f229c80506bf5
• Instruction ID: 443d78c67732952b6b7f4ae58f905e815792587a74e0357633af2f2c0f353080
• Instruction Fuzzy Hash: 28C1F174904289EFCB11DFAEC841BADBBB4FF0A310F444199E559EB392CB709941DB61
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1282221369-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 4119b7d4be8a2e0af44f78bcd2cd07b2b62d9b8be8a0f0096f61a0dbf60f9afa
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 394b5c00bb07a33eb7f80f31397a955e31ed57f0a8f748576aaf9276bb18c7f0
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4119b7d4be8a2e0af44f78bcd2cd07b2b62d9b8be8a0f0096f61a0dbf60f9afa
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A4615972D08384AFDB21AFBA9C42A697B99FF07320F14416DF904D7382DB719D069751
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00002001,00000000,00000000), ref: 00945186
                                                                                                                                                                                                                                                                                                                                                          • ShowWindow.USER32(?,00000000), ref: 009451C7
                                                                                                                                                                                                                                                                                                                                                          • ShowWindow.USER32(?,00000005,?,00000000), ref: 009451CD
                                                                                                                                                                                                                                                                                                                                                          • SetFocus.USER32(?,?,00000005,?,00000000), ref: 009451D1
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00946FBA: DeleteObject.GDI32(00000000), ref: 00946FE6
                                                                                                                                                                                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000F0), ref: 0094520D
                                                                                                                                                                                                                                                                                                                                                          • SetWindowLongW.USER32(?,000000F0,00000000), ref: 0094521A
                                                                                                                                                                                                                                                                                                                                                          • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 0094524D
                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 00945287
                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 00945296
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3210457359-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 7ee21df1a99311facfdad299b60b6ff40bde80ffca57c2d4e9bc1baa82b2c170
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 4fc2488440e1e34e4e62e1ba75c771a9283168c7176ecc13efc2e05e1dcffaf9
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7ee21df1a99311facfdad299b60b6ff40bde80ffca57c2d4e9bc1baa82b2c170
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3751D670A59A08FFEF249FA4CC49FD93B69FB09320F154112F525962E2C3B5D980DB41
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00906890
                                                                                                                                                                                                                                                                                                                                                          • ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 009068A9
                                                                                                                                                                                                                                                                                                                                                          • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 009068B9
                                                                                                                                                                                                                                                                                                                                                          • ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 009068D1
                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 009068F2
                                                                                                                                                                                                                                                                                                                                                          • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,008C8874,00000000,00000000,00000000,000000FF,00000000), ref: 00906901
                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 0090691E
                                                                                                                                                                                                                                                                                                                                                          • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,008C8874,00000000,00000000,00000000,000000FF,00000000), ref: 0090692D
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1268354404-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 0dac1ce5759f8d3595b2e2ec191d6bf33f0d06ec3a5e8316bd27861d2e3d8434
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 08c74e9ff054c8a3a192182bd1fe224f8892cd7300145d13ba91ddac89b6412c
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0dac1ce5759f8d3595b2e2ec191d6bf33f0d06ec3a5e8316bd27861d2e3d8434
• Instruction Fuzzy Hash: 9B5165B0610209EFDB248F24CC55FAA7BB9FB48760F104518F956D62A0DB71ED90EB50
APIs
• InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0092C182
• GetLastError.KERNEL32 ref: 0092C195
• SetEvent.KERNEL32(?), ref: 0092C1A9
  • Part of subcall function 0092C253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0092C272
  • Part of subcall function 0092C253: GetLastError.KERNEL32 ref: 0092C322
  • Part of subcall function 0092C253: SetEvent.KERNEL32(?), ref: 0092C336
  • Part of subcall function 0092C253: InternetCloseHandle.WININET(00000000), ref: 0092C341
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
• String ID:
• API String ID: 337547030-0
• Opcode ID: f3ef5a8c13fbab9c270451d5fac4aacd1a9ebcf33db8a2db33f2428094aa9fe7
• Instruction ID: 2fbd80c26c5134a7deb2f739fb3cefe53923eebe988e68b1dbd3987ce324ec9c
• Opcode Fuzzy Hash: f3ef5a8c13fbab9c270451d5fac4aacd1a9ebcf33db8a2db33f2428094aa9fe7
• Instruction Fuzzy Hash: 4331AEB5205611FFDB219FA5EC04A6ABBFCFF59300B00441DF96A83619DB31E814EBA0
APIs
  • Part of subcall function 00913A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00913A57
  • Part of subcall function 00913A3D: GetCurrentThreadId.KERNEL32 ref: 00913A5E
  • Part of subcall function 00913A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,009125B3), ref: 00913A65
• MapVirtualKeyW.USER32(00000025,00000000), ref: 009125BD
• PostMessageW.USER32(?,00000100,00000025,00000000), ref: 009125DB
• Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 009125DF
• MapVirtualKeyW.USER32(00000025,00000000), ref: 009125E9
• PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00912601
• Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00912605
• MapVirtualKeyW.USER32(00000025,00000000), ref: 0091260F
• PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00912623
• Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00912627
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
• String ID:
• API String ID: 2014098862-0
• Opcode ID: fa7eb8889340b40daaa7894348c61858803e328c0ea897a286e1e741ec3ea5f7
• Instruction ID: 08b13c953e1b6d75f125e3a2a8aa5430fce122481c4aeea2f1a7bb60c6c2fc46
• Opcode Fuzzy Hash: fa7eb8889340b40daaa7894348c61858803e328c0ea897a286e1e741ec3ea5f7
• Instruction Fuzzy Hash: 5301D4703A9214BBFB1067689C8AF993F59DF8EB52F104001F318AE0D1C9F224849AA9
APIs
• GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00911449,?,?,00000000), ref: 0091180C
• HeapAlloc.KERNEL32(00000000,?,00911449,?,?,00000000), ref: 00911813
• GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00911449,?,?,00000000), ref: 00911828
• GetCurrentProcess.KERNEL32(?,00000000,?,00911449,?,?,00000000), ref: 00911830
• DuplicateHandle.KERNEL32(00000000,?,00911449,?,?,00000000), ref: 00911833
• GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00911449,?,?,00000000), ref: 00911843
• GetCurrentProcess.KERNEL32(00911449,00000000,?,00911449,?,?,00000000), ref: 0091184B
• DuplicateHandle.KERNEL32(00000000,?,00911449,?,?,00000000), ref: 0091184E
• CreateThread.KERNEL32(00000000,00000000,00911874,00000000,00000000,00000000), ref: 00911868
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
• String ID:
• API String ID: 1957940570-0
• Opcode ID: aef338baa58fa427117bc4295b3cda56767bc814af10c548f05fd4eed5a6dc10
• Instruction ID: 51481cb692713419970b9111fe2f6e37b7eb9f8bb2d8e565aceca1a13d16e5a3
• Opcode Fuzzy Hash: aef338baa58fa427117bc4295b3cda56767bc814af10c548f05fd4eed5a6dc10
• Instruction Fuzzy Hash: 0B01BBB9355308BFE750AFA5DC4DF6B3BACEB8AB11F008411FA05DB1A1CA709800DB20
APIs
  • Part of subcall function 008B7620: _wcslen.LIBCMT ref: 008B7625
• GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0091C6EE
• _wcslen.LIBCMT ref: 0091C735
• SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0091C79C
• SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 0091C7CA
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: ItemMenu$Info_wcslen$Default
• String ID: 0$$
• API String ID: 1227352736-350152771
• Opcode ID: a2f71412c821ceeb18856b51ebd0096ce6431cce65a250a22de66459ba44963e
• Instruction ID: 570270f84c702daf12f5a7c6c194604a9f1b06e20a8ca3b4c5086543d5ff814e
• Opcode Fuzzy Hash: a2f71412c821ceeb18856b51ebd0096ce6431cce65a250a22de66459ba44963e
• Instruction Fuzzy Hash: 7D51D0B17843099BD7149F28C885BEE77E8EF85350F040A2DF995D22E1DBB4D884CB52
APIs
  • Part of subcall function 0091D4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 0091D501
  • Part of subcall function 0091D4DC: Process32FirstW.KERNEL32(00000000,?), ref: 0091D50F
  • Part of subcall function 0091D4DC: CloseHandle.KERNEL32(00000000), ref: 0091D5DC
• OpenProcess.KERNEL32(00000001,00000000,?), ref: 0093A16D
• GetLastError.KERNEL32 ref: 0093A180
• OpenProcess.KERNEL32(00000001,00000000,?), ref: 0093A1B3
• TerminateProcess.KERNEL32(00000000,00000000), ref: 0093A268
• GetLastError.KERNEL32(00000000), ref: 0093A273
• CloseHandle.KERNEL32(00000000), ref: 0093A2C4
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
• String ID: SeDebugPrivilege
• API String ID: 2533919879-2896544425
• Opcode ID: bf8d235ba721bd86654ed9d1349b583bc3d74d85bd2a0cbeb43244e2237ec3df
• Instruction ID: b120108faf2eedd3b3c2c16b5e9d98dd0ea455b221acb532bd47fa3da06cc0f2
• Opcode Fuzzy Hash: bf8d235ba721bd86654ed9d1349b583bc3d74d85bd2a0cbeb43244e2237ec3df
• Instruction Fuzzy Hash: 3661AD74208242AFD720DF58C494F66BBE5AF44318F18848CE4A68B7A3C776EC45CF92
APIs
• SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00943925
• SendMessageW.USER32(00000000,00001036,00000000,?), ref: 0094393A
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00943954
• _wcslen.LIBCMT ref: 00943999
• SendMessageW.USER32(?,00001057,00000000,?), ref: 009439C6
• SendMessageW.USER32(?,00001061,?,0000000F), ref: 009439F4
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: MessageSend$Window_wcslen
• String ID: SysListView32
• API String ID: 2147712094-78025650
• Opcode ID: a8f9a04ea8e42a58a44c9522f2fd80a68e9fa729fb53c5823b2d619df520b22c
• Instruction ID: 5e10a8e21801f3ad767c8f988b29283c5638e219a65ded8718d7137bdd129b00
• Opcode Fuzzy Hash: a8f9a04ea8e42a58a44c9522f2fd80a68e9fa729fb53c5823b2d619df520b22c
• Instruction Fuzzy Hash: AE41B171A00219EBEF219FA4CC49FEA7BA9FF48354F104526F958E7281D7719E80CB90
APIs
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0091BCFD
• IsMenu.USER32(00000000), ref: 0091BD1D
• CreatePopupMenu.USER32 ref: 0091BD53
• GetMenuItemCount.USER32(00E3D308), ref: 0091BDA4
• InsertMenuItemW.USER32(00E3D308,?,00000001,00000030), ref: 0091BDCC
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                                                                                                                                                                                                                                                                                                                          • String ID: 0$2
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 93392585-3793063076
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 567fde0b66e939c392ec6bba64c8bf5deb04e95d709d7c7366e99664c3d00235
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 3b2b033fc62019738434cf7a055695af52d9b64bd1842d4e695f947708145f7a
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 567fde0b66e939c392ec6bba64c8bf5deb04e95d709d7c7366e99664c3d00235
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5651BEB8B0420D9BDB18CFA8E984BEEBBFAAF49314F144519F511D72D0D7709981CB51
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • LoadIconW.USER32(00000000,00007F03), ref: 0091C913
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: IconLoad
                                                                                                                                                                                                                                                                                                                                                          • String ID: blank$info$question$stop$warning
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2457776203-404129466
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 5500c116b9506f3af8cf4a1329eba02a407d4146e424d6ecb83420e7d1c0b1fc
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: eb47afbfd580471588e794e8aac439bb13d8b900a979a645ab0c647195ee6cb2
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5500c116b9506f3af8cf4a1329eba02a407d4146e424d6ecb83420e7d1c0b1fc
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BC113DB27C970EBBE7045B589CC3CEE279CDF15368B10506BF504EA282E7745E805269
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: _wcslen$LocalTime
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 952045576-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 6a624f04f1ef40c2fd2c12b6d369ebb30b8a3a8285eaa09669a589d4ffd5e529
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 93d844cce4016c28d94381619b719b088adb9571a21c12536fdb30d7b0c362e1
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6a624f04f1ef40c2fd2c12b6d369ebb30b8a3a8285eaa09669a589d4ffd5e529
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C9415165D1021876CB11EBB88C8A9CFB7A8EF45710F508663F918E3261FB34E255C7E6
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0090682C,00000004,00000000,00000000), ref: 008CF953
                                                                                                                                                                                                                                                                                                                                                          • ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,0090682C,00000004,00000000,00000000), ref: 0090F3D1
                                                                                                                                                                                                                                                                                                                                                          • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0090682C,00000004,00000000,00000000), ref: 0090F454
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: ShowWindow
• String ID:
• API String ID: 1268545403-0
• Opcode ID: a939ee6c824d87083bcb311070a6e17fcfc63b3a29d7438900de034b1d5af2ca
• Instruction ID: f26f2b091f07edaa4a171519c2b26d47c86c69e57a7d1496df19954bf01f2e67
• Opcode Fuzzy Hash: a939ee6c824d87083bcb311070a6e17fcfc63b3a29d7438900de034b1d5af2ca
• Instruction Fuzzy Hash: 2F410B30118740BEEF788B288898F2A7EB7FB46314F14443CE647D6AA2C635E588D711
APIs
• DeleteObject.GDI32(00000000), ref: 00942D1B
• GetDC.USER32(00000000), ref: 00942D23
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 00942D2E
• ReleaseDC.USER32(00000000,00000000), ref: 00942D3A
• CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00942D76
• SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00942D87
• MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00945A65,?,?,000000FF,00000000,?,000000FF,?), ref: 00942DC2
• SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00942DE1
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Similarity
• API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
• String ID:
• API String ID: 3864802216-0
• Opcode ID: 8d5b21cf289fcfcc3b76cb1740db0715fa7eefb9a3f73e5851328c1c64c83429
• Instruction ID: a92299ecaa53f7f89292cb15734778044eb201977c1c4104c672367d07c92de0
• Opcode Fuzzy Hash: 8d5b21cf289fcfcc3b76cb1740db0715fa7eefb9a3f73e5851328c1c64c83429
• Instruction Fuzzy Hash: 04316D76216614BFEB214F508C89FEB3BADFB0A715F044055FE089A291D6759C50C7A4
APIs
Similarity
• API ID: _memcmp
• String ID:
• API String ID: 2931989736-0
• Opcode ID: d7cd963d600d06f7e4c7b572db9c48905f069e9785b29f17db0326e136f96df3
• Instruction ID: 879a45741035b999330d02532976183f152b03fceca00d58cb1f6698232788fd
• Opcode Fuzzy Hash: d7cd963d600d06f7e4c7b572db9c48905f069e9785b29f17db0326e136f96df3
• Instruction Fuzzy Hash: DC21C261740A0EFBDA1856248E92FFA235CFEE13C9B470121FD049A782F768ED5081E6
Strings
Similarity
• API ID:
• String ID: NULL Pointer assignment$Not an Object type
• API String ID: 0-572801152
• Opcode ID: 4af62a98f563a136ca49626858fcd6cee3bcd2fa0c297f1d126b610eeb51113c
• Instruction ID: 2760a7d459a9db86367acda0daedd65883c0e91330516bd3190450d232804b45
• Opcode Fuzzy Hash: 4af62a98f563a136ca49626858fcd6cee3bcd2fa0c297f1d126b610eeb51113c
• Instruction Fuzzy Hash: 6DD1B075A0060A9FDF14CF98C880BAEB7B9BF88344F158469E915AB281E771DD41CF90
APIs
• GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,?,008F17FB,00000000,00000000,?,00000000,?,?,?,?,00000000), ref: 008F15CE
• MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,008F17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 008F1651
• MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,008F17FB,?,008F17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 008F16E4
• MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,008F17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 008F16FB
  • Part of subcall function 008E3820: RtlAllocateHeap.NTDLL(00000000,?,00981444,?,008CFDF5,?,?,008BA976,00000010,00981440,008B13FC,?,008B13C6,?,008B1129), ref: 008E3852
• MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,008F17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 008F1777
• __freea.LIBCMT ref: 008F17A2
• __freea.LIBCMT ref: 008F17AE
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2829977744-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: a8fe37c3b9bba05802c5d7a6b58153e4f0b49284648d17949cf6ee038f6e6fd3
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 392f39f9e558abbf3c61c4e8ba312f4a3d03ead2c3d9f39a109b3ddc192866e6
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a8fe37c3b9bba05802c5d7a6b58153e4f0b49284648d17949cf6ee038f6e6fd3
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B191B072E0021EDADF209E74C889AFE7BB5FF59314F180659EA05E7155DB25DC40CBA0
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Variant$ClearInit
                                                                                                                                                                                                                                                                                                                                                          • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2610073882-625585964
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: a267b29974abe3c6cf3aac4cc65968f9f26dbf5639f8f417292f50b12fffa116
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: a97e22b97082ab486e77e72f0ecc9519848f7f3a85df4919965f6d66bd978ba1
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a267b29974abe3c6cf3aac4cc65968f9f26dbf5639f8f417292f50b12fffa116
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B0919171A00219AFDF20CFA4CC45FAEBBB8EF46714F118559F506AB291D774A941CFA0
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 0092125C
                                                                                                                                                                                                                                                                                                                                                          • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00921284
                                                                                                                                                                                                                                                                                                                                                          • SafeArrayUnaccessData.OLEAUT32(00000001), ref: 009212A8
                                                                                                                                                                                                                                                                                                                                                          • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 009212D8
                                                                                                                                                                                                                                                                                                                                                          • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 0092135F
                                                                                                                                                                                                                                                                                                                                                          • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 009213C4
                                                                                                                                                                                                                                                                                                                                                          • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00921430
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: ArraySafe$Data$Access$UnaccessVartype
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2550207440-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 15d924ca7bd7e3b93e9d5a414aa81022af016e49b3d3f3cb999774655a8ac0e7
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 9f64bb8580a0ce5126f19a35a6cf8cf8dd1a9765a92b90d7530aae4031e04f23
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 15d924ca7bd7e3b93e9d5a414aa81022af016e49b3d3f3cb999774655a8ac0e7
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 26912475A00228EFDB00EFA8E884BBE77B9FF55310F104029E950E72A5D778E951CB90
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: ObjectSelect$BeginCreatePath
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3225163088-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: be40e1fc124b87c0d202394503a8ecc4047cd9e42def0804677812a18696f445
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 584cb0e162e700de85742f0360cb841f9a49afbaee4f5b5c85acebf73ca71611
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: be40e1fc124b87c0d202394503a8ecc4047cd9e42def0804677812a18696f445
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 66912571D04219EFCB14CFA9C888EEEBBB8FF49320F148499E555B7291D774A942CB60
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 0093396B
                                                                                                                                                                                                                                                                                                                                                          • CharUpperBuffW.USER32(?,?), ref: 00933A7A
                                                                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00933A8A
                                                                                                                                                                                                                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 00933C1F
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00920CDF: VariantInit.OLEAUT32(00000000), ref: 00920D1F
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00920CDF: VariantCopy.OLEAUT32(?,?), ref: 00920D28
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00920CDF: VariantClear.OLEAUT32(?), ref: 00920D34
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
                                                                                                                                                                                                                                                                                                                                                          • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 4137639002-1221869570
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 0e75dc72ee66be72e5d0f5f89f92cd874ad2d761b1de9135e54067b7803a08e2
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: df2a6403a9017ac7bd23afc4d24b3d13c111dcddc4a91f68d744d0fc2916ec1a
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0e75dc72ee66be72e5d0f5f89f92cd874ad2d761b1de9135e54067b7803a08e2
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 379122756083059FC714EF28C48196ABBE9FB89314F14892DF88A9B351DB30EE45CF92
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0091000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0090FF41,80070057,?,?,?,0091035E), ref: 0091002B
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0091000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0090FF41,80070057,?,?), ref: 00910046
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0091000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0090FF41,80070057,?,?), ref: 00910054
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0091000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0090FF41,80070057,?), ref: 00910064
                                                                                                                                                                                                                                                                                                                                                          • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00934C51
                                                                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00934D59
                                                                                                                                                                                                                                                                                                                                                          • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00934DCF
                                                                                                                                                                                                                                                                                                                                                          • CoTaskMemFree.OLE32(?), ref: 00934DDA
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
                                                                                                                                                                                                                                                                                                                                                          • String ID: NULL Pointer assignment
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 614568839-2785691316
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: fd1dbd25fe98e3d345755aac18ebb621ecafe489eda8f2d8fbec5d808f07bbf7
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 53dc641bc57efd05bcb214f6df452706ee16a27c7c4ddd4dffdb2901d269cdc0
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fd1dbd25fe98e3d345755aac18ebb621ecafe489eda8f2d8fbec5d808f07bbf7
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A3911871D0021D9FDF14DFA4C891AEEB7B8FF48310F11456AE915A7251EB34AA44CFA1
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • GetMenu.USER32(?), ref: 00942183
                                                                                                                                                                                                                                                                                                                                                          • GetMenuItemCount.USER32(00000000), ref: 009421B5
                                                                                                                                                                                                                                                                                                                                                          • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 009421DD
                                                                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00942213
                                                                                                                                                                                                                                                                                                                                                          • GetMenuItemID.USER32(?,?), ref: 0094224D
                                                                                                                                                                                                                                                                                                                                                          • GetSubMenu.USER32(?,?), ref: 0094225B
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00913A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00913A57
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00913A3D: GetCurrentThreadId.KERNEL32 ref: 00913A5E
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00913A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,009125B3), ref: 00913A65
                                                                                                                                                                                                                                                                                                                                                          • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 009422E3
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0091E97B: Sleep.KERNEL32 ref: 0091E9F3
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
• String ID:
• API String ID: 4196846111-0
• Opcode ID: 7265c43acefddab7544a08d049db6cbadc80a1ce22c7fb639e00d2cc5c5547b7
• Instruction ID: f973981e42be8085b14062a360bf2be76798eaa87a54c8ed601f55dd1534288c
• Opcode Fuzzy Hash: 7265c43acefddab7544a08d049db6cbadc80a1ce22c7fb639e00d2cc5c5547b7
• Instruction Fuzzy Hash: 5A717C75A04205AFCB14DF68C881EAEBBF5FF88310F508499F926EB351DB74E9418B90
APIs
• IsWindow.USER32(00E3D1C8), ref: 00947F37
• IsWindowEnabled.USER32(00E3D1C8), ref: 00947F43
• SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 0094801E
• SendMessageW.USER32(00E3D1C8,000000B0,?,?), ref: 00948051
• IsDlgButtonChecked.USER32(?,?), ref: 00948089
• GetWindowLongW.USER32(00E3D1C8,000000EC), ref: 009480AB
• SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 009480C3
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: MessageSendWindow$ButtonCheckedEnabledLong
• String ID:
• API String ID: 4072528602-0
• Opcode ID: eb8b671b28892c601296873e9c40f9af36b47fedd58b524df4e44283252c0a73
• Instruction ID: 003660e8ce5fadb8c21f416a6dc060107ff5197b90dbb16b6ba73e304bfa1ec9
• Opcode Fuzzy Hash: eb8b671b28892c601296873e9c40f9af36b47fedd58b524df4e44283252c0a73
• Instruction Fuzzy Hash: 67719274608208AFEB259F94C884FFABBB9FF49300F14449AF94597261DB31AC49DB10
APIs
• GetParent.USER32(?), ref: 0091AEF9
• GetKeyboardState.USER32(?), ref: 0091AF0E
• SetKeyboardState.USER32(?), ref: 0091AF6F
• PostMessageW.USER32(?,00000101,00000010,?), ref: 0091AF9D
• PostMessageW.USER32(?,00000101,00000011,?), ref: 0091AFBC
• PostMessageW.USER32(?,00000101,00000012,?), ref: 0091AFFD
• PostMessageW.USER32(?,00000101,0000005B,?), ref: 0091B020
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: MessagePost$KeyboardState$Parent
• String ID:
• API String ID: 87235514-0
• Opcode ID: 67908bb6ecb196428d8d06ee3cbc4c9781562df83fb5b4362447e3182afd2faf
• Instruction ID: c23760f05468b7d2e0eeaf00e25d749d3f5f5f25d1a83e5ba5eeb3d5bd97c4a1
• Opcode Fuzzy Hash: 67908bb6ecb196428d8d06ee3cbc4c9781562df83fb5b4362447e3182afd2faf
• Instruction Fuzzy Hash: D651C3A07157D93DFB3682348C45BFA7EAE5B06304F088989F1E9554C2D3E8ACC9D761
APIs
• GetParent.USER32(00000000), ref: 0091AD19
• GetKeyboardState.USER32(?), ref: 0091AD2E
• SetKeyboardState.USER32(?), ref: 0091AD8F
• PostMessageW.USER32(00000000,00000100,00000010,?), ref: 0091ADBB
• PostMessageW.USER32(00000000,00000100,00000011,?), ref: 0091ADD8
• PostMessageW.USER32(00000000,00000100,00000012,?), ref: 0091AE17
• PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 0091AE38
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: MessagePost$KeyboardState$Parent
• String ID:
• API String ID: 87235514-0
• Opcode ID: 417b1e0b9ee2324dbe5fa24bb9bbc59bd7db2e0f11471c89c1ff57653d8c5292
• Instruction ID: da1dc7c541ef9a0a6298cad1962df0c9eb462abe7f0e80ffb2a5324ae38ba86c
• Opcode Fuzzy Hash: 417b1e0b9ee2324dbe5fa24bb9bbc59bd7db2e0f11471c89c1ff57653d8c5292
• Instruction Fuzzy Hash: 1B51D4A170A7D93DFB3683348C55BFA7EAD5B46304F088488E1D5468C2D2A4ECD8E762
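The two function records above (refs 0091AEF9 and 0091AD19) and the dialog record before them (ref 00947F37) are easier to read once the raw USER32 constants are named: 0x0100/0x0101 are WM_KEYDOWN/WM_KEYUP, wParam 0x10, 0x11, 0x12 and 0x5B are VK_SHIFT, VK_CONTROL, VK_MENU and VK_LWIN, 0x00B0 is EM_GETSEL, and 0x00A1 with wParam 2 is WM_NCLBUTTONDOWN/HTCAPTION. The following script is an added example and is not part of the Joe Sandbox report nor code recovered from the sample: it parses API list lines in the report's own format, names the message and virtual-key constants (taken from winuser.h), and flags a function as keystroke injection when it snapshots and sets keyboard state and then posts the same key message for all four modifier keys to a window. The input lists are copied verbatim from the three records above; the classification rule is the example's own heuristic, not a report signature.

```python
"""Decode USER32 constants in Joe Sandbox 'APIs' listings and flag
modifier-key injection. Added example; not report or sample code."""
import re

# Constants from winuser.h (Windows SDK); only those the listings above use.
WM_NAMES = {0x00A1: "WM_NCLBUTTONDOWN", 0x00B0: "EM_GETSEL",
            0x0100: "WM_KEYDOWN", 0x0101: "WM_KEYUP"}
VK_NAMES = {0x10: "VK_SHIFT", 0x11: "VK_CONTROL", 0x12: "VK_MENU", 0x5B: "VK_LWIN"}
MODIFIER_VKS = frozenset(VK_NAMES)

# One entry of a Joe Sandbox "APIs" list, e.g.
#   • PostMessageW.USER32(?,00000101,00000010,?), ref: 0091AF9D
CALL_RE = re.compile(
    r"^\s*•?\s*(?P<api>\w+)\.(?P<mod>\w+)\((?P<args>.*?)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$")


def parse_call(line):
    """Parse one API line into (api, module, [args], ref); None if it is not a call."""
    m = CALL_RE.match(line)
    if not m:
        return None
    args = [a.strip() for a in m["args"].split(",")] if m["args"].strip() else []
    return m["api"], m["mod"], args, m["ref"]


def _hexarg(arg):
    """'00000101' -> 0x101; '?' (unresolved in the report) -> None."""
    try:
        return int(arg, 16)
    except ValueError:
        return None


def decode_message(call):
    """Render a SendMessageW/PostMessageW call with message and wParam named."""
    api, _, args, ref = call
    if api not in ("SendMessageW", "PostMessageW") or len(args) < 3:
        return None
    msg, wparam = _hexarg(args[1]), _hexarg(args[2])
    msg_name = WM_NAMES.get(msg, "0x%04X" % msg if msg is not None else "?")
    if msg in (0x0100, 0x0101):
        wp_name = VK_NAMES.get(wparam, "VK 0x%02X" % wparam if wparam is not None else "?")
    elif msg == 0x00A1 and wparam == 0x02:
        wp_name = "HTCAPTION"  # click on the title bar: the window-drag trick
    else:
        wp_name = args[2]
    return "%s %s wParam=%s @ %s" % (api, msg_name, wp_name, ref)


def modifier_injection(lines):
    """Heuristic (this example's own): return 'WM_KEYDOWN' or 'WM_KEYUP' when a
    function reads and writes keyboard state and posts that message for all
    four modifier keys to a window; None otherwise. Ordinary GUI code does not
    do this; synthetic keystroke delivery to another window does."""
    calls = [c for c in map(parse_call, lines) if c]
    apis = {c[0] for c in calls}
    if not {"GetKeyboardState", "SetKeyboardState"} <= apis:
        return None
    for msg in (0x0100, 0x0101):
        vks = {_hexarg(c[2][2]) for c in calls
               if c[0] == "PostMessageW" and len(c[2]) >= 3 and _hexarg(c[2][1]) == msg}
        if MODIFIER_VKS <= vks:
            return WM_NAMES[msg]
    return None


# API lists copied from the three function records above (report text, not constructed).
FUNC_KEYUP = """
• GetParent.USER32(?), ref: 0091AEF9
• GetKeyboardState.USER32(?), ref: 0091AF0E
• SetKeyboardState.USER32(?), ref: 0091AF6F
• PostMessageW.USER32(?,00000101,00000010,?), ref: 0091AF9D
• PostMessageW.USER32(?,00000101,00000011,?), ref: 0091AFBC
• PostMessageW.USER32(?,00000101,00000012,?), ref: 0091AFFD
• PostMessageW.USER32(?,00000101,0000005B,?), ref: 0091B020
""".strip().splitlines()

FUNC_KEYDOWN = """
• GetParent.USER32(00000000), ref: 0091AD19
• GetKeyboardState.USER32(?), ref: 0091AD2E
• SetKeyboardState.USER32(?), ref: 0091AD8F
• PostMessageW.USER32(00000000,00000100,00000010,?), ref: 0091ADBB
• PostMessageW.USER32(00000000,00000100,00000011,?), ref: 0091ADD8
• PostMessageW.USER32(00000000,00000100,00000012,?), ref: 0091AE17
• PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 0091AE38
""".strip().splitlines()

FUNC_DIALOG = """
• IsWindow.USER32(00E3D1C8), ref: 00947F37
• SendMessageW.USER32(00E3D1C8,000000B0,?,?), ref: 00948051
• SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 009480C3
""".strip().splitlines()

if __name__ == "__main__":
    for name, lines in (("keyup", FUNC_KEYUP), ("keydown", FUNC_KEYDOWN), ("dialog", FUNC_DIALOG)):
        print(name, "->", modifier_injection(lines))
        for call in map(parse_call, lines):
            text = decode_message(call) if call else None
            if text:
                print("   ", text)
```

Read together, the two records are a matched pair: one releases Shift, Ctrl, Alt and Win in the target window (WM_KEYUP) and the other presses them (WM_KEYDOWN), both after GetKeyboardState/SetKeyboardState, which is the scaffolding around sending keystrokes to another window rather than anything the script would type itself. Since the report marks the binary as a likely compiled AutoIt script, treat such helpers as interpreter runtime present in every compiled AutoIt executable, and the generic "retrieve information about pressed keystrokes" style signatures that fire on them as low-weight; the script's own behaviour has to be judged from the decompiled script and the network and file activity elsewhere in the report.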
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • GetConsoleCP.KERNEL32(008F3CD6,?,?,?,?,?,?,?,?,008E5BA3,?,?,008F3CD6,?,?), ref: 008E5470
                                                                                                                                                                                                                                                                                                                                                          • __fassign.LIBCMT ref: 008E54EB
                                                                                                                                                                                                                                                                                                                                                          • __fassign.LIBCMT ref: 008E5506
                                                                                                                                                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,008F3CD6,00000005,00000000,00000000), ref: 008E552C
                                                                                                                                                                                                                                                                                                                                                          • WriteFile.KERNEL32(?,008F3CD6,00000000,008E5BA3,00000000,?,?,?,?,?,?,?,?,?,008E5BA3,?), ref: 008E554B
                                                                                                                                                                                                                                                                                                                                                          • WriteFile.KERNEL32(?,?,00000001,008E5BA3,00000000,?,?,?,?,?,?,?,?,?,008E5BA3,?), ref: 008E5584
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1324828854-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: cc9bfa4834c32ce1b7b673faa52cd2abc8dcc4637d5e75fb1e0ba51d93aa8213
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 7ce0dff4912f669680788fe6cae5d171d4af8b333e487ace0a4f2bb46dd08eea
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cc9bfa4834c32ce1b7b673faa52cd2abc8dcc4637d5e75fb1e0ba51d93aa8213
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4B51F3B1A00689AFDB10CFA9D855AEEBBF9FF0A304F14411AF555E7291D730DA40CB60
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • _ValidateLocalCookies.LIBCMT ref: 008D2D4B
                                                                                                                                                                                                                                                                                                                                                          • ___except_validate_context_record.LIBVCRUNTIME ref: 008D2D53
                                                                                                                                                                                                                                                                                                                                                          • _ValidateLocalCookies.LIBCMT ref: 008D2DE1
                                                                                                                                                                                                                                                                                                                                                          • __IsNonwritableInCurrentImage.LIBCMT ref: 008D2E0C
                                                                                                                                                                                                                                                                                                                                                          • _ValidateLocalCookies.LIBCMT ref: 008D2E61
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                                                                                                                          • String ID: csm
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1170836740-1018135373
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 9d633b003b7898f6c1a05d2477b23ace13b9e2ed00a601dde5bd6d66970258fc
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: e4b949c28d9e9976f4db01361f7770bccd58259ec8b613cf3ae705ab9bd6472e
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9d633b003b7898f6c1a05d2477b23ace13b9e2ed00a601dde5bd6d66970258fc
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2F419034A0020DABCF10DF69C845A9EBBB5FF55328F148266E814EB392D731AA15CBD1
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0093304E: inet_addr.WSOCK32(?), ref: 0093307A
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0093304E: _wcslen.LIBCMT ref: 0093309B
                                                                                                                                                                                                                                                                                                                                                          • socket.WSOCK32(00000002,00000001,00000006), ref: 00931112
                                                                                                                                                                                                                                                                                                                                                          • WSAGetLastError.WSOCK32 ref: 00931121
                                                                                                                                                                                                                                                                                                                                                          • WSAGetLastError.WSOCK32 ref: 009311C9
                                                                                                                                                                                                                                                                                                                                                          • closesocket.WSOCK32(00000000), ref: 009311F9
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2675159561-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 08c560a666b5404877266191aae1f1b21a0cddd9888cc91be6ac3bc074142870
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 041424abeac6366d54fa066d9b3a931ec0676234f7dfe27cb0a43d391dc7bca9
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 08c560a666b5404877266191aae1f1b21a0cddd9888cc91be6ac3bc074142870
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4F41E175604204AFDB109F98C884BEABBE9FF45324F148059F9059B3A1C774AD41CFA1
                                                                                                                                                                                                                                                                                                                                                          APIs
  • Part of subcall function 0091DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0091CF22,?), ref: 0091DDFD
  • Part of subcall function 0091DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0091CF22,?), ref: 0091DE16
• lstrcmpiW.KERNEL32(?,?), ref: 0091CF45
• MoveFileW.KERNEL32(?,?), ref: 0091CF7F
• _wcslen.LIBCMT ref: 0091D005
• _wcslen.LIBCMT ref: 0091D01B
• SHFileOperationW.SHELL32(?), ref: 0091D061
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
• String ID: \*.*
• API String ID: 3164238972-1173974218
• Opcode ID: cad1c49493125c4c1a8040b5c3f3018d016bd3f13957b20149b6c09b2d077d7a
• Instruction ID: 3f7ce0542dfb7085ce47bcd352372368e1c1cbf52d39aee62494a2678f5365ee
• Opcode Fuzzy Hash: cad1c49493125c4c1a8040b5c3f3018d016bd3f13957b20149b6c09b2d077d7a
• Instruction Fuzzy Hash: CA4165B194521C5FDF12EFA4D981ADDB7BDAF48380F1000E6E505EB241EA34A689CB51
APIs
• SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00942E1C
• GetWindowLongW.USER32(?,000000F0), ref: 00942E4F
• GetWindowLongW.USER32(?,000000F0), ref: 00942E84
• SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00942EB6
• SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00942EE0
• GetWindowLongW.USER32(?,000000F0), ref: 00942EF1
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 00942F0B
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: LongWindow$MessageSend
• String ID:
• API String ID: 2178440468-0
• Opcode ID: 0c246000287bd4f8cc8a3ea97529d8de2d20698a7706ca1171a63f61e61fabc5
• Instruction ID: 43417dc6abc1d1c3d4c25a66058d0f8fda9b5865d273eb154701af8a81f3c072
• Opcode Fuzzy Hash: 0c246000287bd4f8cc8a3ea97529d8de2d20698a7706ca1171a63f61e61fabc5
• Instruction Fuzzy Hash: 6C313534619241AFDB20CF58EC84F6A37E8FB8A710F9501A4F9148F2B2CB71AC41EB00
APIs
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00917769
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 0091778F
• SysAllocString.OLEAUT32(00000000), ref: 00917792
• SysAllocString.OLEAUT32(?), ref: 009177B0
• SysFreeString.OLEAUT32(?), ref: 009177B9
• StringFromGUID2.OLE32(?,?,00000028), ref: 009177DE
• SysAllocString.OLEAUT32(?), ref: 009177EC
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: String$Alloc$ByteCharMultiWide$FreeFrom
• String ID:
• API String ID: 3761583154-0
• Opcode ID: 0f603755ff9200c066bba05873dbc5845d66258cfe1333279f39a77399b21197
• Instruction ID: cdf11edd8740cc401605027d9def4244ec8827b89a78aa164efe91acf79ca102
• Opcode Fuzzy Hash: 0f603755ff9200c066bba05873dbc5845d66258cfe1333279f39a77399b21197
• Instruction Fuzzy Hash: 5221A37A70921EAFDB10DFA8DC84DFBB3BCEB09364B048425BA15DB1A1D674DC818760
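The per-function entries above (an "APIs" list, the optional "Part of subcall function" lines, the memory dump sources and the "Similarity" hashes) are the part of a Joe Sandbox report an analyst usually wants in machine-readable form, to diff API sequences between samples or to pivot on an Instruction Fuzzy Hash. The following is an added example, not Joe Sandbox code: a small parser for this text layout plus a coarse tagging helper. The record layout and the tag names are my own; the sample input is constructed from the listing format shown on this page, with the "Download File" link text left in to show it being stripped. The only Win32 constants used are the documented button messages BM_GETCHECK (0x00F0) and BM_SETCHECK (0x00F1), which match the second SendMessageW argument in the entry above.

```python
"""Parse the per-function 'APIs' / 'Similarity' entries of a Joe Sandbox text
report into records and derive coarse triage tags. Added illustration, not
Joe Sandbox's code; record layout and tag names are assumptions of this example."""
import re
from typing import Dict, List, Set

# One API-call bullet: "MoveFileW.KERNEL32(?,?), ref: 0091CF7F",
# "_wcslen.LIBCMT ref: 0091D005" (no argument list), or a subcall line
# "Part of subcall function 0091DDE0: GetFullPathNameW.KERNEL32(...), ref: 0091DDFD".
API_LINE = re.compile(
    r"^(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+): )?"
    r"(?P<api>\w+)\.(?P<mod>\w+)(?:\((?P<args>[^)]*)\))?,? ref: (?P<ref>[0-9A-Fa-f]+)$"
)
KV_LINE = re.compile(r"^(?P<key>[A-Za-z ]+?):\s*(?P<val>.*)$")   # "key: value" bullets
SECTIONS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}
BUTTON_MSGS = {"000000F0": "BM_GETCHECK", "000000F1": "BM_SETCHECK"}  # documented Win32 values


def _clean(raw: str) -> str:
    """Drop extraction whitespace, the bullet glyph and the 'Download File' link residue."""
    s = raw.strip().lstrip("•").strip()
    return s[:-len("Download File")].strip() if s.endswith("Download File") else s


def parse_functions(report_text: str) -> List[Dict]:
    """Return one record per function entry; each entry starts at an 'APIs' header."""
    entries: List[Dict] = []
    cur, section = None, None
    for raw in report_text.splitlines():
        line = _clean(raw)
        if not line:
            continue
        if line in SECTIONS:
            section = line
            if line == "APIs":
                cur = {"apis": [], "strings": [], "fields": {}, "associated": []}
                entries.append(cur)
            continue
        if cur is None:
            continue                                  # text before the first entry
        if section == "APIs":
            m = API_LINE.match(line)
            if m:
                args = m.group("args")
                cur["apis"].append({
                    "api": m.group("api"), "module": m.group("mod"),
                    "args": args.split(",") if args is not None else [],
                    "ref": m.group("ref"), "subcall_of": m.group("sub"),
                })
        elif section == "Strings":
            cur["strings"].append(line)
        else:
            m = KV_LINE.match(line)
            if m and m.group("key") == "Associated":
                cur["associated"].append(m.group("val"))
            elif m:
                cur["fields"][m.group("key")] = m.group("val")
    return entries


def api_sequence(entry: Dict, include_subcalls: bool = False) -> List[str]:
    """API names in listed order, optionally including the inlined subcall lines."""
    return [a["api"] for a in entry["apis"] if include_subcalls or a["subcall_of"] is None]


def capability_tags(entry: Dict) -> Set[str]:
    """Coarse triage tags (my own labels), keyed only on APIs/constants present in the record."""
    tags: Set[str] = set()
    names = set(api_sequence(entry, include_subcalls=True))
    if names & {"MoveFileW", "MoveFileExW", "SHFileOperationW"}:
        tags.add("file-move")
    if names & {"SysAllocString", "StringFromGUID2"}:
        tags.add("com-string")
    for call in entry["apis"]:
        if call["api"] == "SendMessageW" and len(call["args"]) > 1 and call["args"][1] in BUTTON_MSGS:
            tags.add("button-check-state")
    return tags


# Constructed sample in the report's own layout (two abbreviated entries).
SAMPLE = """
APIs
  • Part of subcall function 0091DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0091CF22,?), ref: 0091DDFD
• lstrcmpiW.KERNEL32(?,?), ref: 0091CF45
• MoveFileW.KERNEL32(?,?), ref: 0091CF7F
• _wcslen.LIBCMT ref: 0091D005
• SHFileOperationW.SHELL32(?), ref: 0091D061
Strings
Memory Dump Source
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Similarity
• API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
• String ID: \\*.*
• Instruction Fuzzy Hash: CA4165B194521C5FDF12EFA4D981ADDB7BDAF48380F1000E6E505EB241EA34A689CB51
APIs
• SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00942E1C
• GetWindowLongW.USER32(?,000000F0), ref: 00942E4F
• SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00942EE0
Similarity
• API ID: LongWindow$MessageSend
• String ID:
• Instruction Fuzzy Hash: 6C313534619241AFDB20CF58EC84F6A37E8FB8A710F9501A4F9148F2B2CB71AC41EB00
"""

if __name__ == "__main__":
    for e in parse_functions(SAMPLE):
        print(e["fields"].get("Instruction Fuzzy Hash", "")[:16], api_sequence(e), sorted(capability_tags(e)))
```

The parser keys entries on the "APIs" header and closes them at the next one, so it also copes with an empty "Strings" section like the one above; subcall lines are kept but flagged with the parent function address so `api_sequence` can exclude them when comparing a function's own call order across samples.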
APIs
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00917842
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00917868
• SysAllocString.OLEAUT32(00000000), ref: 0091786B
• SysAllocString.OLEAUT32 ref: 0091788C
• SysFreeString.OLEAUT32 ref: 00917895
• StringFromGUID2.OLE32(?,?,00000028), ref: 009178AF
• SysAllocString.OLEAUT32(?), ref: 009178BD
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3761583154-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: ab096d657b407d8c2dce8d1f1bfd953dca99a42a06cc9e54fce29a5bb2079670
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 2b568333a4540427ecea7adbadbd3cadf09584059996ad374209ee1b9b192375
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ab096d657b407d8c2dce8d1f1bfd953dca99a42a06cc9e54fce29a5bb2079670
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 11219075709209AFDB10AFE8DC88DEAB7BCEB093607108165F915CB2A1D674DC81DB74
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • GetStdHandle.KERNEL32(0000000C), ref: 009204F2
                                                                                                                                                                                                                                                                                                                                                          • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 0092052E
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: CreateHandlePipe
                                                                                                                                                                                                                                                                                                                                                          • String ID: nul
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1424370930-2873401336
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 15e70bee8da7dbe1bbc97d05eadfcd8bed97043c70258f37f4b1de853bab9156
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: b380b9532d0ebaceebee61d061126c152e5641541876a628cec8efccddbad998
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 15e70bee8da7dbe1bbc97d05eadfcd8bed97043c70258f37f4b1de853bab9156
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 01215E75600319AFDB209F2AE844E9A77A8AF85724F204A19F8A1D62E5D7B0D940DF60
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • GetStdHandle.KERNEL32(000000F6), ref: 009205C6
                                                                                                                                                                                                                                                                                                                                                          • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00920601
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: CreateHandlePipe
                                                                                                                                                                                                                                                                                                                                                          • String ID: nul
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1424370930-2873401336
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 43c77b1dc5b8cf49ef4362ca8920aaf2280d69ffdb18e590bab8b93dc9472178
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: fdc1c7cd76a6f84db0c2512d9c6715b7a3186dff4c66ab0b30cf455a1d314444
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 43c77b1dc5b8cf49ef4362ca8920aaf2280d69ffdb18e590bab8b93dc9472178
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C62192756003259FDB209F69EC44E9A77E8BFD5720F200B19F8A1E72E9D7B09860CB10
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008B600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 008B604C
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008B600E: GetStockObject.GDI32(00000011), ref: 008B6060
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008B600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 008B606A
                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00944112
                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 0094411F
                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 0094412A
                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00944139
                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00944145
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: MessageSend$CreateObjectStockWindow
• String ID: Msctls_Progress32
• API String ID: 1025951953-3636473452
• Opcode ID: ac4861ba72ebf2ea1f64485cf4213fb7246c5cdf4b8569863d5ba174721ef9ea
• Instruction ID: fb173528f0264737a7bb3d2ff985f85df84f9ab0832d8284a6515df2c436f4c5
• Opcode Fuzzy Hash: ac4861ba72ebf2ea1f64485cf4213fb7246c5cdf4b8569863d5ba174721ef9ea
• Instruction Fuzzy Hash: 4B11B2B215021DBEEF119F64CC86EE77F5DEF18798F014111FA18A2160C6769C61DBA4
APIs
  • Part of subcall function 008ED7A3: _free.LIBCMT ref: 008ED7CC
• _free.LIBCMT ref: 008ED82D
  • Part of subcall function 008E29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,008ED7D1,00000000,00000000,00000000,00000000,?,008ED7F8,00000000,00000007,00000000,?,008EDBF5,00000000), ref: 008E29DE
  • Part of subcall function 008E29C8: GetLastError.KERNEL32(00000000,?,008ED7D1,00000000,00000000,00000000,00000000,?,008ED7F8,00000000,00000007,00000000,?,008EDBF5,00000000,00000000), ref: 008E29F0
• _free.LIBCMT ref: 008ED838
• _free.LIBCMT ref: 008ED843
• _free.LIBCMT ref: 008ED897
• _free.LIBCMT ref: 008ED8A2
• _free.LIBCMT ref: 008ED8AD
• _free.LIBCMT ref: 008ED8B8
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
• Instruction ID: 62502b033d8b48d59da35f8b7a074ae5359ed35bc1dc13d075520a4d8bacbc45
• Opcode Fuzzy Hash: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
• Instruction Fuzzy Hash: 32115E71540B88BAD621BFB6CC47FCB7BDCFF02700F400825B699E6093DA69F5098662
APIs
• GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 0091DA74
• LoadStringW.USER32(00000000), ref: 0091DA7B
• GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 0091DA91
• LoadStringW.USER32(00000000), ref: 0091DA98
• MessageBoxW.USER32(00000000,?,?,00011010), ref: 0091DADC
Strings
• %s (%d) : ==> %s: %s %s, xrefs: 0091DAB9
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: HandleLoadModuleString$Message
• String ID: %s (%d) : ==> %s: %s %s
• API String ID: 4072794657-3128320259
• Opcode ID: e7d6e71943b0b72e5de6574afa7d57b4a2f9c33427c308426496fa97fd158036
• Instruction ID: 9831fb2553bdba66d1986b5bf8962159a04b144ee0509b4ef779132c0bfe13bf
• Opcode Fuzzy Hash: e7d6e71943b0b72e5de6574afa7d57b4a2f9c33427c308426496fa97fd158036
• Instruction Fuzzy Hash: CA0186F65052087FE750DBE09D89EEB336CEB09305F404891B746E2041EA749E844F74
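The function entries in this part of the report are a flat text listing, which is awkward to search once there are hundreds of them. The following is an added example, not Joe Sandbox code and not part of this report: a small parser that turns entries in the cleaned text layout used on this page (an "APIs" heading opening each entry, then optional "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin" and "Similarity" headings with "•" bullet items) into records, plus a lookup that finds entries by the APIs they call directly. The embedded SAMPLE is abbreviated from three entries of this report; the record layout and the section-name assumptions are this example's own.

```python
"""Parse Joe Sandbox function-analysis entries into structured records.

Added example, not part of Joe Sandbox or of this report. It assumes the cleaned
text layout used on this page: each function entry opens with an 'APIs' heading,
followed by optional 'Strings', 'Memory Dump Source', 'Joe Sandbox IDA Plugin'
and 'Similarity' headings, with '•' bullet items. SAMPLE below is abbreviated
from three entries in the report text above.
"""
import re
from typing import Dict, List

# "[Part of subcall function ADDR: ]NAME.MODULE[(args)][,] ref: ADDR"
API_RE = re.compile(
    r"^(?:Part of subcall function (?P<sub>[0-9A-F]+): )?"
    r"(?P<api>[A-Za-z_][A-Za-z0-9_]*)\.(?P<mod>[A-Za-z0-9]+)"
    r"(?:\((?P<args>.*)\))?,? ref: (?P<ref>[0-9A-F]+)$"
)
SECTIONS = ("APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity")


def parse_entries(text: str) -> List[Dict]:
    """Return one record per function entry: apis, strings, source, similarity."""
    entries: List[Dict] = []
    cur, section = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":                      # every entry starts with its API list
            cur = {"apis": [], "strings": [], "source": {}, "similarity": {}}
            entries.append(cur)
            section = line
        elif line in SECTIONS:
            section = line
        elif cur is not None and line.startswith("•"):
            item = line[1:].strip()
            if section == "APIs":
                m = API_RE.match(item)
                if m:                           # skip lines the pattern does not cover
                    args = m.group("args")
                    cur["apis"].append({"api": m.group("api"), "module": m.group("mod"),
                                        "args": args.split(",") if args else [],
                                        "ref": m.group("ref"), "subcall": m.group("sub")})
            elif section == "Strings":          # "text, xrefs: ADDR"
                value, _, xref = item.rpartition(", xrefs: ")
                cur["strings"].append({"value": value, "xref": xref})
            elif section == "Similarity":       # "Key: value" (value may be empty)
                key, _, value = item.partition(":")
                cur["similarity"][key.strip()] = value.strip()
            else:                               # dump source / IDA plugin: "k: v, k: v"
                for part in item.split(", "):
                    key, _, value = part.partition(":")
                    cur["source"].setdefault(key.strip(), []).append(value.strip())
    return entries


def find_by_api(entries: List[Dict], *names: str) -> List[Dict]:
    """Entries whose directly called APIs (subcalls excluded) include every name."""
    want = set(names)
    return [e for e in entries
            if want <= {a["api"] for a in e["apis"] if a["subcall"] is None}]


# Constructed sample: abbreviated copies of three entries from this report.
SAMPLE = """\
APIs
  • Part of subcall function 008ED7A3: _free.LIBCMT ref: 008ED7CC
• _free.LIBCMT ref: 008ED82D
• _free.LIBCMT ref: 008ED838
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
APIs
• GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 0091DA74
• LoadStringW.USER32(00000000), ref: 0091DA7B
• MessageBoxW.USER32(00000000,?,?,00011010), ref: 0091DADC
Strings
• %s (%d) : ==> %s: %s %s, xrefs: 0091DAB9
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
Similarity
• API ID: HandleLoadModuleString$Message
• String ID: %s (%d) : ==> %s: %s %s
• API String ID: 4072794657-3128320259
APIs
• InterlockedExchange.KERNEL32(00E2EDF8,00E2EDF8), ref: 0092097B
• EnterCriticalSection.KERNEL32(00E2EDD8,00000000), ref: 0092098D
• TerminateThread.KERNEL32(?,000001F6), ref: 0092099B
• WaitForSingleObject.KERNEL32(?,000003E8), ref: 009209A9
• CloseHandle.KERNEL32(?), ref: 009209B8
"""

if __name__ == "__main__":
    for e in find_by_api(parse_entries(SAMPLE), "TerminateThread"):
        print(" -> ".join(a["api"] for a in e["apis"]))
```

Subcall lines are kept with their parent address but excluded from `find_by_api`, so a query for `RtlFreeHeap` does not match the `_free` wrapper entry above; drop the `subcall is None` filter if you want transitive matches.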
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • InterlockedExchange.KERNEL32(00E2EDF8,00E2EDF8), ref: 0092097B
                                                                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(00E2EDD8,00000000), ref: 0092098D
                                                                                                                                                                                                                                                                                                                                                          • TerminateThread.KERNEL32(?,000001F6), ref: 0092099B
                                                                                                                                                                                                                                                                                                                                                          • WaitForSingleObject.KERNEL32(?,000003E8), ref: 009209A9
                                                                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 009209B8
                                                                                                                                                                                                                                                                                                                                                          • InterlockedExchange.KERNEL32(00E2EDF8,000001F6), ref: 009209C8
                                                                                                                                                                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(00E2EDD8), ref: 009209CF
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
• String ID:
• API String ID: 3495660284-0
APIs
• __WSAFDIsSet.WSOCK32(00000000,?), ref: 00931DC0
• #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00931DE1
• WSAGetLastError.WSOCK32 ref: 00931DF2
• htons.WSOCK32(?), ref: 00931EDB
• inet_ntoa.WSOCK32(?), ref: 00931E8C
  • Part of subcall function 009139E8: _strlen.LIBCMT ref: 009139F2
  • Part of subcall function 00933224: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,0092EC0C), ref: 00933240
• _strlen.LIBCMT ref: 00931F35
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: _strlen$ByteCharErrorLastMultiWidehtonsinet_ntoa
• String ID:
• API String ID: 3203458085-0
APIs
• GetClientRect.USER32(?,?), ref: 008B5D30
• GetWindowRect.USER32(?,?), ref: 008B5D71
• ScreenToClient.USER32(?,?), ref: 008B5D99
• GetClientRect.USER32(?,?), ref: 008B5ED7
• GetWindowRect.USER32(?,?), ref: 008B5EF8
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: Rect$Client$Window$Screen
• String ID:
• API String ID: 1296646539-0
APIs
• __allrem.LIBCMT ref: 008E00BA
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 008E00D6
• __allrem.LIBCMT ref: 008E00ED
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 008E010B
• __allrem.LIBCMT ref: 008E0122
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 008E0140
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
• String ID:
• API String ID: 1992179935-0
APIs
• MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,008D82D9,008D82D9,?,?,?,008E644F,00000001,00000001,8BE85006), ref: 008E6258
• MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,008E644F,00000001,00000001,8BE85006,?,?,?), ref: 008E62DE
• WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 008E63D8
• __freea.LIBCMT ref: 008E63E5
  • Part of subcall function 008E3820: RtlAllocateHeap.NTDLL(00000000,?,00981444,?,008CFDF5,?,?,008BA976,00000010,00981440,008B13FC,?,008B13C6,?,008B1129), ref: 008E3852
• __freea.LIBCMT ref: 008E63EE
• __freea.LIBCMT ref: 008E6413
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: ByteCharMultiWide__freea$AllocateHeap
• String ID:
• API String ID: 1414292761-0
APIs
  • Part of subcall function 008B9CB3: _wcslen.LIBCMT ref: 008B9CBD
  • Part of subcall function 0093C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0093B6AE,?,?), ref: 0093C9B5
  • Part of subcall function 0093C998: _wcslen.LIBCMT ref: 0093C9F1
  • Part of subcall function 0093C998: _wcslen.LIBCMT ref: 0093CA68
  • Part of subcall function 0093C998: _wcslen.LIBCMT ref: 0093CA9E
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0093BCCA
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0093BD25
• RegCloseKey.ADVAPI32(00000000), ref: 0093BD6A
• RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 0093BD99
• RegCloseKey.ADVAPI32(?,?,00000000), ref: 0093BDF3
• RegCloseKey.ADVAPI32(?), ref: 0093BDFF
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
• String ID:
• API String ID: 1120388591-0
APIs
• VariantInit.OLEAUT32(00000035), ref: 0090F7B9
• SysAllocString.OLEAUT32(00000001), ref: 0090F860
• VariantCopy.OLEAUT32(0090FA64,00000000), ref: 0090F889
• VariantClear.OLEAUT32(0090FA64), ref: 0090F8AD
• VariantCopy.OLEAUT32(0090FA64,00000000), ref: 0090F8B1
• VariantClear.OLEAUT32(?), ref: 0090F8BB
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: Variant$ClearCopy$AllocInitString
• String ID:
• API String ID: 3859894641-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 0acfcd0ac5a1114590dc5ae528690c00b7b60c348952480d765b7dbe32627458
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 9c5c5428c05fb7b90dc4a9fbb6e045c0264dec98479dde19a8f2ddcb90ad6cf6
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0acfcd0ac5a1114590dc5ae528690c00b7b60c348952480d765b7dbe32627458
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 80510635600310BFDF34AB65D8A5B69B3A8FF45310B209866E906DF6D2DB748D40C7A7
APIs
  • Part of subcall function 008B7620: _wcslen.LIBCMT ref: 008B7625
  • Part of subcall function 008B6B57: _wcslen.LIBCMT ref: 008B6B6A
• GetOpenFileNameW.COMDLG32(00000058), ref: 009294E5
• _wcslen.LIBCMT ref: 00929506
• _wcslen.LIBCMT ref: 0092952D
• GetSaveFileNameW.COMDLG32(00000058), ref: 00929585
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: _wcslen$FileName$OpenSave
• String ID: X
• API String ID: 83654149-3081909835
• Opcode ID: b894908ec815e2ca72728bc0a31baa8cd37184f017e3f460242681f04e53c1b3
• Instruction ID: 2a3c57cb6a970a0b0ab6b0fccc4855292263ebc7b474b0aee72cbcc2e5b278c2
• Opcode Fuzzy Hash: b894908ec815e2ca72728bc0a31baa8cd37184f017e3f460242681f04e53c1b3
• Instruction Fuzzy Hash: 4EE1A1316083109FD724DF28D881AAAB7E4FF85314F14896DF8999B3A6DB31DD05CB92

APIs
  • Part of subcall function 008C9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 008C9BB2
• BeginPaint.USER32(?,?,?), ref: 008C9241
• GetWindowRect.USER32(?,?), ref: 008C92A5
• ScreenToClient.USER32(?,?), ref: 008C92C2
• SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 008C92D3
• EndPaint.USER32(?,?,?,?,?), ref: 008C9321
• Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 009071EA
  • Part of subcall function 008C9339: BeginPath.GDI32(00000000), ref: 008C9357
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
• String ID:
• API String ID: 3050599898-0
• Opcode ID: b2b89862f63da181776a581bed8a10b7c956e8bc4c9267e1d5ba45214005c863
• Instruction ID: 6ef63e2ad2d2ba5fe2782bd3ad07fc717dd36f31450131699d931bb98ab27223
• Opcode Fuzzy Hash: b2b89862f63da181776a581bed8a10b7c956e8bc4c9267e1d5ba45214005c863
• Instruction Fuzzy Hash: 7E418070509201AFD711DF64DC88FAA7BB8FB46324F1406ADF9A5C72E1C7319845EB62

APIs
• InterlockedExchange.KERNEL32(?,000001F5), ref: 0092080C
• ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00920847
• EnterCriticalSection.KERNEL32(?), ref: 00920863
• LeaveCriticalSection.KERNEL32(?), ref: 009208DC
• ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 009208F3
• InterlockedExchange.KERNEL32(?,000001F6), ref: 00920921
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
• String ID:
• API String ID: 3368777196-0
• Opcode ID: 5fa3e82feb18bd04c2ae0351b1ae641435a42103bb6e6240baed46b11ceaac64
• Instruction ID: ffd21bc65f7be5f4920559ae49a91d47013bbb52742d0e9886ce334e5908e8fb
• Opcode Fuzzy Hash: 5fa3e82feb18bd04c2ae0351b1ae641435a42103bb6e6240baed46b11ceaac64
• Instruction Fuzzy Hash: 8D415975900205AFEF14AF58EC85A6A77B9FF44300F1440A9E904DE29BDB71DE60DBA1

                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,0090F3AB,00000000,?,?,00000000,?,0090682C,00000004,00000000,00000000), ref: 0094824C
                                                                                                                                                                                                                                                                                                                                                          • EnableWindow.USER32(?,00000000), ref: 00948272
                                                                                                                                                                                                                                                                                                                                                          • ShowWindow.USER32(FFFFFFFF,00000000), ref: 009482D1
                                                                                                                                                                                                                                                                                                                                                          • ShowWindow.USER32(?,00000004), ref: 009482E5
                                                                                                                                                                                                                                                                                                                                                          • EnableWindow.USER32(?,00000001), ref: 0094830B
                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 0094832F
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Window$Show$Enable$MessageSend
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 642888154-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: a9dae9765c73fd8dfd6712469d07b28a19e24961a58ec42fc3eadf49dfee60bb
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 073af6ab51a4cb22bf5f59825a1a13abe15a383b4a7f16709060a574b4867663
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a9dae9765c73fd8dfd6712469d07b28a19e24961a58ec42fc3eadf49dfee60bb
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8641E634605640AFDB25CF14D899FE97BE8FB0A754F184268E5184F272CB72AC42DB40
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • IsWindowVisible.USER32(?), ref: 00914C95
                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00914CB2
                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00914CEA
                                                                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00914D08
                                                                                                                                                                                                                                                                                                                                                          • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00914D10
                                                                                                                                                                                                                                                                                                                                                          • _wcsstr.LIBVCRUNTIME ref: 00914D1A
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 72514467-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: eab4c4ad6f6dbd94bca91413000aec2adfc0c7d4e2c79dc88e29508066ac9d98
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 7f849b4ca8d1e293934acddeccb910bd31a0e1c6c007031817908c88c47312e0
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: eab4c4ad6f6dbd94bca91413000aec2adfc0c7d4e2c79dc88e29508066ac9d98
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F02129753052057BEB155B39AC09EBB7BADEF49750F10802DF805CA192EA71DC4096A1
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008B3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,008B3A97,?,?,008B2E7F,?,?,?,00000000), ref: 008B3AC2
                                                                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0092587B
                                                                                                                                                                                                                                                                                                                                                          • CoInitialize.OLE32(00000000), ref: 00925995
                                                                                                                                                                                                                                                                                                                                                          • CoCreateInstance.OLE32(0094FCF8,00000000,00000001,0094FB68,?), ref: 009259AE
                                                                                                                                                                                                                                                                                                                                                          • CoUninitialize.OLE32 ref: 009259CC
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                                                                                                                                                                                                                                                                                                                                                          • String ID: .lnk
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3172280962-24824748
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 08606760c7a582f5cab579275f0499dff865f754a0643cdf839200c4b1592155
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 2fa0b3caf368906c93d31c1138b8ede19e58e625bac4427a52f148195bb89b31
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 08606760c7a582f5cab579275f0499dff865f754a0643cdf839200c4b1592155
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A0D171756087119FC714DF28D480A6ABBE5FF89310F16885DF88A9B361DB31EC45CB92
APIs
  • Part of subcall function 00910FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00910FCA
  • Part of subcall function 00910FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00910FD6
  • Part of subcall function 00910FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00910FE5
  • Part of subcall function 00910FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00910FEC
  • Part of subcall function 00910FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00911002
• GetLengthSid.ADVAPI32(?,00000000,00911335), ref: 009117AE
• GetProcessHeap.KERNEL32(00000008,00000000), ref: 009117BA
• HeapAlloc.KERNEL32(00000000), ref: 009117C1
• CopySid.ADVAPI32(00000000,00000000,?), ref: 009117DA
• GetProcessHeap.KERNEL32(00000000,00000000,00911335), ref: 009117EE
• HeapFree.KERNEL32(00000000), ref: 009117F5
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
• String ID:
• API String ID: 3008561057-0
APIs
• GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 009114FF
• OpenProcessToken.ADVAPI32(00000000), ref: 00911506
• CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00911515
• CloseHandle.KERNEL32(00000004), ref: 00911520
• CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0091154F
• DestroyEnvironmentBlock.USERENV(00000000), ref: 00911563
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
• String ID:
• API String ID: 1413079979-0
APIs
• GetLastError.KERNEL32(?,?,008D3379,008D2FE5), ref: 008D3390
• ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 008D339E
• ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 008D33B7
• SetLastError.KERNEL32(00000000,?,008D3379,008D2FE5), ref: 008D3409
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: ErrorLastValue___vcrt_
• String ID:
• API String ID: 3852720340-0
APIs
• GetLastError.KERNEL32(?,?,008E5686,008F3CD6,?,00000000,?,008E5B6A,?,?,?,?,?,008DE6D1,?,00978A48), ref: 008E2D78
• _free.LIBCMT ref: 008E2DAB
• _free.LIBCMT ref: 008E2DD3
• SetLastError.KERNEL32(00000000,?,?,?,?,008DE6D1,?,00978A48,00000010,008B4F4A,?,?,00000000,008F3CD6), ref: 008E2DE0
• SetLastError.KERNEL32(00000000,?,?,?,?,008DE6D1,?,00978A48,00000010,008B4F4A,?,?,00000000,008F3CD6), ref: 008E2DEC
• _abort.LIBCMT ref: 008E2DF2
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: ErrorLast$_free$_abort
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3160817290-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: f01e54bcf191f8c98af421e7bf78956a78636cfb6c65dd95d3e03918fd7b4f4b
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 437ab006bf4c71f54bc5c424cd6d43534b030c6a7f9ae5127b9aa4f2ac5cba35
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f01e54bcf191f8c98af421e7bf78956a78636cfb6c65dd95d3e03918fd7b4f4b
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 53F0C876A096887BC252373FBC0AE1A265DFFC37A5F354529FA29D31D2EF248C015162
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008C9639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 008C9693
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008C9639: SelectObject.GDI32(?,00000000), ref: 008C96A2
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008C9639: BeginPath.GDI32(?), ref: 008C96B9
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008C9639: SelectObject.GDI32(?,00000000), ref: 008C96E2
                                                                                                                                                                                                                                                                                                                                                          • MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00948A4E
                                                                                                                                                                                                                                                                                                                                                          • LineTo.GDI32(?,00000003,00000000), ref: 00948A62
                                                                                                                                                                                                                                                                                                                                                          • MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00948A70
                                                                                                                                                                                                                                                                                                                                                          • LineTo.GDI32(?,00000000,00000003), ref: 00948A80
                                                                                                                                                                                                                                                                                                                                                          • EndPath.GDI32(?), ref: 00948A90
                                                                                                                                                                                                                                                                                                                                                          • StrokePath.GDI32(?), ref: 00948AA0
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 43455801-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 97cfad695549cbdc64c4a2d39637263fdad672d0730290c65c987b02f07ffc32
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 9e771aef282034ffaf7210644c6288aa8b062f3ba4199617ff18f3ab5c1fe8ad
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 97cfad695549cbdc64c4a2d39637263fdad672d0730290c65c987b02f07ffc32
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 33111B7600510CFFDF129F94DC88EAA7F6CEB09390F048012FA199A1A1C7729D55EFA0
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • GetDC.USER32(00000000), ref: 00915218
                                                                                                                                                                                                                                                                                                                                                          • GetDeviceCaps.GDI32(00000000,00000058), ref: 00915229
                                                                                                                                                                                                                                                                                                                                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00915230
                                                                                                                                                                                                                                                                                                                                                          • ReleaseDC.USER32(00000000,00000000), ref: 00915238
                                                                                                                                                                                                                                                                                                                                                          • MulDiv.KERNEL32(000009EC,?,00000000), ref: 0091524F
                                                                                                                                                                                                                                                                                                                                                          • MulDiv.KERNEL32(000009EC,00000001,?), ref: 00915261
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: CapsDevice$Release
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1035833867-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: bc2de568dce9ce796fe9b33100630d3ac564b5d6ab91730588a7b57d63944472
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 31a40d662032f6fbb4a7c46c1fbd587cbb05a62aa5a8f461b42fad996877c501
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bc2de568dce9ce796fe9b33100630d3ac564b5d6ab91730588a7b57d63944472
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 10018FB5A05709BFEB109BA59C49E4EBFB8EB49351F054065FA04A7290D6709800DBA0
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • MapVirtualKeyW.USER32(0000005B,00000000), ref: 008B1BF4
                                                                                                                                                                                                                                                                                                                                                          • MapVirtualKeyW.USER32(00000010,00000000), ref: 008B1BFC
                                                                                                                                                                                                                                                                                                                                                          • MapVirtualKeyW.USER32(000000A0,00000000), ref: 008B1C07
                                                                                                                                                                                                                                                                                                                                                          • MapVirtualKeyW.USER32(000000A1,00000000), ref: 008B1C12
• MapVirtualKeyW.USER32(00000011,00000000), ref: 008B1C1A
• MapVirtualKeyW.USER32(00000012,00000000), ref: 008B1C22
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: Virtual
• String ID:
• API String ID: 4278518827-0
• Opcode ID: 9554aac5ffcfd91b5bcc72a1ae8ad9411a90073f0aa5ccd9f906a8af15998398
• Instruction ID: 4c1d3c381b9c35f2d50fc33a93f1091fe4336558861a32cc6a4d9611ce59f26a
• Opcode Fuzzy Hash: 9554aac5ffcfd91b5bcc72a1ae8ad9411a90073f0aa5ccd9f906a8af15998398
• Instruction Fuzzy Hash: E70167B0902B5ABDE3008F6A8C85B52FFA8FF19354F00411BA15C4BA42C7F5A864CFE5
APIs
• PostMessageW.USER32(?,00000010,00000000,00000000), ref: 0091EB30
• SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 0091EB46
• GetWindowThreadProcessId.USER32(?,?), ref: 0091EB55
• OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0091EB64
• TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0091EB6E
• CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0091EB75
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
• String ID:
• API String ID: 839392675-0
• Opcode ID: 47e71a88bc93b5c8dd2accdd69fa81c18c49fbdc834e5efff0c4cf8d80b266b9
• Instruction ID: 31184077bfe77639fc0fbae195c816d5552d3eaeb9907c050054fd47fa3c04f0
• Opcode Fuzzy Hash: 47e71a88bc93b5c8dd2accdd69fa81c18c49fbdc834e5efff0c4cf8d80b266b9
• Instruction Fuzzy Hash: 55F0B4B6256159BFE7205B529C0DEEF3E7CEFCBB11F004158F601D1090D7A01A01D6B4
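The API lines above encode the routine's behaviour in raw hex: 00000010 is WM_CLOSE, 001F0FFF is PROCESS_ALL_ACCESS, 00000002/000001F4 is SMTO_ABORTIFHUNG with a 500 ms timeout, and 00000011/00000012 in the MapVirtualKeyW block are VK_CONTROL and VK_MENU. The tracer also prints stack slots past each API's real argument count (OpenProcess takes three arguments but shows sixteen values, the trailing ones repeating the earlier SendMessageTimeoutW arguments), so anything beyond the documented arity is stack residue. The Python below is an added example, not part of the Joe Sandbox report or of the sample: it parses lines in this listing format, truncates arguments to the documented arity, decodes the fixed constants, and labels the graceful-close-then-terminate chain, which is the shape of AutoIt's WinKill() and fits the report's compiled-AutoIt verdict. The sample input is copied from the listing above; the arity table, the constant names and the "window-kill" label are this example's own choices.

```python
"""Parse Joe Sandbox 'APIs' listing lines and annotate a WM_CLOSE -> TerminateProcess chain."""
import re
from dataclasses import dataclass

# Input copied from the report's APIs listing for the function at 0091EB30..0091EB75.
API_LINES = """\
• PostMessageW.USER32(?,00000010,00000000,00000000), ref: 0091EB30
• SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 0091EB46
• GetWindowThreadProcessId.USER32(?,?), ref: 0091EB55
• OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0091EB64
• TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0091EB6E
• CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0091EB75
"""

# One listing line: bullet, Api.MODULE(arg,arg,...), ref: <hex address>
API_RE = re.compile(
    r"^\W*(?P<api>\w+)\.(?P<module>\w+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

# Documented argument counts (assumption table maintained by this example); values the
# tracer prints past this count are stack residue from the caller and are dropped.
ARITY = {
    "PostMessageW": 4, "SendMessageW": 4, "SendMessageTimeoutW": 7,
    "GetWindowThreadProcessId": 2, "OpenProcess": 3, "TerminateProcess": 2,
    "CloseHandle": 1, "MapVirtualKeyW": 2,
}

WINDOW_MESSAGES = {0x0002: "WM_DESTROY", 0x0010: "WM_CLOSE", 0x0012: "WM_QUIT"}
SMTO_FLAGS = {0x0: "SMTO_NORMAL", 0x1: "SMTO_BLOCK", 0x2: "SMTO_ABORTIFHUNG",
              0x8: "SMTO_NOTIMEOUTIFNOTHUNG"}
PROCESS_ALL_ACCESS = 0x1F0FFF          # STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0xFFF
VIRTUAL_KEYS = {0x10: "VK_SHIFT", 0x11: "VK_CONTROL", 0x12: "VK_MENU"}
MESSAGE_APIS = ("PostMessageW", "SendMessageW", "SendMessageTimeoutW")


@dataclass
class ApiCall:
    api: str
    module: str
    args: list      # int for hex literals, None where the tracer printed '?'
    ref: int        # call-site address


def parse_line(line):
    """Return an ApiCall for a listing line, or None for non-API lines."""
    m = API_RE.match(line.strip())
    if not m:
        return None
    raw = [a.strip() for a in m.group("args").split(",")] if m.group("args") else []
    args = [None if a == "?" else int(a, 16) for a in raw]
    api = m.group("api")
    if api in ARITY:
        args = args[:ARITY[api]]
    return ApiCall(api, m.group("module"), args, int(m.group("ref"), 16))


def parse_block(text):
    return [c for c in (parse_line(l) for l in text.splitlines()) if c is not None]


def decode(call):
    """Render the arguments whose meaning is fixed by the API; '' when nothing is known."""
    a = call.args
    if call.api in MESSAGE_APIS and len(a) > 1 and a[1] is not None:
        msg = WINDOW_MESSAGES.get(a[1], "msg=0x%04X" % a[1])
        if call.api == "SendMessageTimeoutW" and len(a) >= 6:
            flags = "?" if a[4] is None else SMTO_FLAGS.get(a[4], "flags=0x%X" % a[4])
            timeout = "?" if a[5] is None else "%d ms" % a[5]
            return "%s, %s, timeout=%s" % (msg, flags, timeout)
        return msg
    if call.api == "OpenProcess" and a and a[0] is not None:
        return "PROCESS_ALL_ACCESS" if a[0] == PROCESS_ALL_ACCESS else "access=0x%08X" % a[0]
    if call.api == "MapVirtualKeyW" and a and a[0] is not None:
        return VIRTUAL_KEYS.get(a[0], "vk=0x%02X" % a[0])
    return ""


def classify(calls):
    """Label a block that sends WM_CLOSE and then falls back to TerminateProcess."""
    close_idx = next((i for i, c in enumerate(calls)
                      if c.api in MESSAGE_APIS and len(c.args) > 1 and c.args[1] == 0x0010), None)
    kill_idx = next((i for i, c in enumerate(calls) if c.api == "TerminateProcess"), None)
    if close_idx is not None and kill_idx is not None and close_idx < kill_idx:
        return "window-kill: graceful WM_CLOSE, then TerminateProcess on the owning process"
    if kill_idx is not None:
        return "forced TerminateProcess without a prior WM_CLOSE"
    return "no process termination"


if __name__ == "__main__":
    block = parse_block(API_LINES)
    for c in block:
        print("%08X %-26s %s" % (c.ref, c.api, decode(c)))
    print(classify(block))
```

Run as a script it prints one decoded line per call and the block label. The truncation to documented arity matters when reading these listings: the 16 values on the OpenProcess line would otherwise suggest a far richer call than a three-argument handle open with full access.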
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • GetClientRect.USER32(?), ref: 00907452
                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001328,00000000,?), ref: 00907469
                                                                                                                                                                                                                                                                                                                                                          • GetWindowDC.USER32(?), ref: 00907475
                                                                                                                                                                                                                                                                                                                                                          • GetPixel.GDI32(00000000,?,?), ref: 00907484
                                                                                                                                                                                                                                                                                                                                                          • ReleaseDC.USER32(?,00000000), ref: 00907496
                                                                                                                                                                                                                                                                                                                                                          • GetSysColor.USER32(00000005), ref: 009074B0
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 272304278-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 7037369f43ce18696620e325cf9701be9d6b1f523ca8530a3153382de5b312f9
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: fcda70fc98a5fa2e5502985cbb728b1940d55fb394b4896f9ff8ee935a08b32c
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7037369f43ce18696620e325cf9701be9d6b1f523ca8530a3153382de5b312f9
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 36018B75819209FFDBA05FA4DC08FAEBBBAFB05321F114064F915A21B1CB312E41AB10
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • WaitForSingleObject.KERNEL32(?,000000FF), ref: 0091187F
                                                                                                                                                                                                                                                                                                                                                          • UnloadUserProfile.USERENV(?,?), ref: 0091188B
                                                                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 00911894
                                                                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 0091189C
                                                                                                                                                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,?), ref: 009118A5
                                                                                                                                                                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 009118AC
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
• String ID:
• API String ID: 146765662-0
APIs
• ShellExecuteExW.SHELL32(0000003C), ref: 0093AEA3
  • Part of subcall function 008B7620: _wcslen.LIBCMT ref: 008B7625
• GetProcessId.KERNEL32(00000000), ref: 0093AF38
• CloseHandle.KERNEL32(00000000), ref: 0093AF67
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
Similarity
• API ID: CloseExecuteHandleProcessShell_wcslen
• String ID: <$@
• API String ID: 146682121-1426351568
APIs
• CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00917206
• SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 0091723C
• GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 0091724D
• SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 009172CF
Strings
Similarity
• API ID: ErrorMode$AddressCreateInstanceProc
• String ID: DllGetClassObject
• API String ID: 753597075-1075368562
APIs
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00943E35
• IsMenu.USER32(?), ref: 00943E4A
• InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00943E92
• DrawMenuBar.USER32 ref: 00943EA5
Strings
Similarity
• API ID: Menu$Item$DrawInfoInsert
• String ID: 0
• API String ID: 3076010158-4108050209
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008B9CB3: _wcslen.LIBCMT ref: 008B9CBD
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00913CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00913CCA
                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00911E66
                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00911E79
                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000189,?,00000000), ref: 00911EA9
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008B6B57: _wcslen.LIBCMT ref: 008B6B6A
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: MessageSend$_wcslen$ClassName
• String ID: ComboBox$ListBox
• API String ID: 2081771294-1403004172
• Opcode ID: 9495aa804a4e3e69876b680afa1700d13c7d10d7a7756b9badba61976d04e577
• Instruction ID: e86de69e719eae1e418d622f30b28c39a84c7d10e603e2d99f30de75c596cc39
• Opcode Fuzzy Hash: 9495aa804a4e3e69876b680afa1700d13c7d10d7a7756b9badba61976d04e577
• Instruction Fuzzy Hash: 68214971B00108BFDB14ABA4DC45DFFB7BCEF41350B108519F925E72E1EB3849459620
APIs
• SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00942F8D
• LoadLibraryW.KERNEL32(?), ref: 00942F94
• SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00942FA9
• DestroyWindow.USER32(?), ref: 00942FB1
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: MessageSend$DestroyLibraryLoadWindow
• String ID: SysAnimate32
• API String ID: 3529120543-1011021900
• Opcode ID: a30fafaf06622e1841682d9bbad53d529e4d273037d87ea63957792de5aa99c0
• Instruction ID: 9a27f4eca9ab645780c5b40f13337b01107ba6d9b0d07606769ea60aeb83ca75
• Opcode Fuzzy Hash: a30fafaf06622e1841682d9bbad53d529e4d273037d87ea63957792de5aa99c0
• Instruction Fuzzy Hash: DF219A72214209AFEB204FA4DC80EBB7BBDFB59364F904658F950D21A0D771DC95A760
APIs
• GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,008D4D1E,008E28E9,?,008D4CBE,008E28E9,009788B8,0000000C,008D4E15,008E28E9,00000002), ref: 008D4D8D
• GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 008D4DA0
• FreeLibrary.KERNEL32(00000000,?,?,?,008D4D1E,008E28E9,?,008D4CBE,008E28E9,009788B8,0000000C,008D4E15,008E28E9,00000002,00000000), ref: 008D4DC3
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: AddressFreeHandleLibraryModuleProc
• String ID: CorExitProcess$mscoree.dll
• API String ID: 4061214504-1276376045
• Opcode ID: a9b7c9d4aa83b22371e14bc22b02f85f8b6b921b93f2753f9282dd54b57b620d
• Instruction ID: 0b4891bc0a94f80b63ec56c74dc9461c551c10f895d034789549a421b21fcf73
• Opcode Fuzzy Hash: a9b7c9d4aa83b22371e14bc22b02f85f8b6b921b93f2753f9282dd54b57b620d
• Instruction Fuzzy Hash: 34F0AF75A15208BFDB109F90DC09FADBFB5EF48752F0001A9F809E2260DB305944EF90
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,?,?,008B4EDD,?,00981418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 008B4E9C
• GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 008B4EAE
• FreeLibrary.KERNEL32(00000000,?,?,008B4EDD,?,00981418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 008B4EC0
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                                                                                                          • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 145871493-3689287502
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 65ed6eec0ca318dc28908fa3f4b6f0c521b18ad7edf32f079d92d96741853c1e
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 4e828d7afae7c9e154e91588b6cc689313c9226249515a19e961a09994601ff9
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 65ed6eec0ca318dc28908fa3f4b6f0c521b18ad7edf32f079d92d96741853c1e
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A6E0CD7AA1B9225FD37117296C19F9F6554FFC6F727050115FC04D2302EB60CD05D5A1
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • LoadLibraryA.KERNEL32(kernel32.dll,?,?,008F3CDE,?,00981418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 008B4E62
                                                                                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 008B4E74
                                                                                                                                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,?,008F3CDE,?,00981418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 008B4E87
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                                                                                                          • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 145871493-1355242751
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 3b00ec13eb4b22f8e34aa48f1c02f58fd8deb8da9c097c1229dcdb48f4dd8160
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: cb07499562df8fd457fb304a1749487037ad4d6b72e27fc1d08be6c3925455e2
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3b00ec13eb4b22f8e34aa48f1c02f58fd8deb8da9c097c1229dcdb48f4dd8160
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 85D0C27A51BA215B46621B246C09DCB2B18FF8AB253454210B804E2212DF20CD01D5E0
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00922C05
                                                                                                                                                                                                                                                                                                                                                          • DeleteFileW.KERNEL32(?), ref: 00922C87
                                                                                                                                                                                                                                                                                                                                                          • CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00922C9D
                                                                                                                                                                                                                                                                                                                                                          • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00922CAE
                                                                                                                                                                                                                                                                                                                                                          • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00922CC0
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: File$Delete$Copy
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3226157194-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 6256ab158d45d5c2e9e4001720df3fab6d21d91ce6df1e0e245e25af2f114bab
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: d7ca25b9c5fb7d8c44ef54183c6436d6c9b0a8cc678a853d523a8f76cb451b05
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6256ab158d45d5c2e9e4001720df3fab6d21d91ce6df1e0e245e25af2f114bab
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5CB15F72D00229ABDF21EFA4DC85EDEB7BDFF49350F1040A6F509E6255EA309A448F61
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32 ref: 0093A427
                                                                                                                                                                                                                                                                                                                                                          • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 0093A435
                                                                                                                                                                                                                                                                                                                                                          • GetProcessIoCounters.KERNEL32(00000000,?), ref: 0093A468
                                                                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 0093A63D
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: Process$CloseCountersCurrentHandleOpen
• String ID:
• API String ID: 3488606520-0
APIs
• GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00953700), ref: 008EBB91
• WideCharToMultiByte.KERNEL32(00000000,00000000,0098121C,000000FF,00000000,0000003F,00000000,?,?), ref: 008EBC09
• WideCharToMultiByte.KERNEL32(00000000,00000000,00981270,000000FF,?,0000003F,00000000,?), ref: 008EBC36
• _free.LIBCMT ref: 008EBB7F
  • Part of subcall function 008E29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,008ED7D1,00000000,00000000,00000000,00000000,?,008ED7F8,00000000,00000007,00000000,?,008EDBF5,00000000), ref: 008E29DE
  • Part of subcall function 008E29C8: GetLastError.KERNEL32(00000000,?,008ED7D1,00000000,00000000,00000000,00000000,?,008ED7F8,00000000,00000007,00000000,?,008EDBF5,00000000,00000000), ref: 008E29F0
• _free.LIBCMT ref: 008EBD4B
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
• String ID:
• API String ID: 1286116820-0
APIs
  • Part of subcall function 0091DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0091CF22,?), ref: 0091DDFD
  • Part of subcall function 0091DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0091CF22,?), ref: 0091DE16
  • Part of subcall function 0091E199: GetFileAttributesW.KERNEL32(?,0091CF95), ref: 0091E19A
• lstrcmpiW.KERNEL32(?,?), ref: 0091E473
• MoveFileW.KERNEL32(?,?), ref: 0091E4AC
• _wcslen.LIBCMT ref: 0091E5EB
• _wcslen.LIBCMT ref: 0091E603
• SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 0091E650
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
• String ID:
• API String ID: 3183298772-0
APIs
  • Part of subcall function 008B9CB3: _wcslen.LIBCMT ref: 008B9CBD
  • Part of subcall function 0093C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0093B6AE,?,?), ref: 0093C9B5
  • Part of subcall function 0093C998: _wcslen.LIBCMT ref: 0093C9F1
  • Part of subcall function 0093C998: _wcslen.LIBCMT ref: 0093CA68
  • Part of subcall function 0093C998: _wcslen.LIBCMT ref: 0093CA9E
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0093BAA5
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0093BB00
• RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 0093BB63
• RegCloseKey.ADVAPI32(?,?), ref: 0093BBA6
• RegCloseKey.ADVAPI32(00000000), ref: 0093BBB3
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
• String ID:
• API String ID: 826366716-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 985c6f14b67c9de999493deccad64f44c44d320ec48985a267314cc9c9470724
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 473dedb2a7439a59b2e5e0124be3882158bfdd5955c10891d075f5ac9ab8c9ae
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 985c6f14b67c9de999493deccad64f44c44d320ec48985a267314cc9c9470724
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B6619D71208241AFD714DF14C490E6ABBE9FF84308F14896DF5998B2A2DB31ED45CF92
APIs
• VariantInit.OLEAUT32(?), ref: 00918BCD
• VariantClear.OLEAUT32 ref: 00918C3E
• VariantClear.OLEAUT32 ref: 00918C9D
• VariantClear.OLEAUT32(?), ref: 00918D10
• VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00918D3B
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: Variant$Clear$ChangeInitType
• String ID:
• API String ID: 4136290138-0
• Opcode ID: 77c0c01abc9631ea31e46fa1e03b26df8b6f85e51f665ef84ad12124353fe543
• Instruction ID: e206357930e20feff6e5184952063fcd997c1bf186f86a6ace10da7a47f92549
• Opcode Fuzzy Hash: 77c0c01abc9631ea31e46fa1e03b26df8b6f85e51f665ef84ad12124353fe543
• Instruction Fuzzy Hash: F85166B5A10219EFCB10CF68D884AAAB7F9FF89310B158559F909DB350E734E911CF90
APIs
• GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00928BAE
• GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00928BDA
• WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00928C32
• WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00928C57
• WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00928C5F
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: PrivateProfile$SectionWrite$String
• String ID:
• API String ID: 2832842796-0
• Opcode ID: 251c71f9fd0e7b6d278e30e06738bf5d2aac5d5aea37594c824c0b5b804eb87c
• Instruction ID: c7628e136ee06a676c8927a2aa9c0ec2c2d5cb63faac3c88cb9f41236597531b
• Opcode Fuzzy Hash: 251c71f9fd0e7b6d278e30e06738bf5d2aac5d5aea37594c824c0b5b804eb87c
• Instruction Fuzzy Hash: 48516C75A002149FCB11DF68C881EAEBBF5FF49314F088458E849AB362DB71ED41CBA1
APIs
• LoadLibraryW.KERNEL32(?,00000000,?), ref: 00938F40
• GetProcAddress.KERNEL32(00000000,?), ref: 00938FD0
• GetProcAddress.KERNEL32(00000000,00000000), ref: 00938FEC
• GetProcAddress.KERNEL32(00000000,?), ref: 00939032
• FreeLibrary.KERNEL32(00000000), ref: 00939052
  • Part of subcall function 008CF6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00921043,?,75C0E610), ref: 008CF6E6
  • Part of subcall function 008CF6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,0090FA64,00000000,00000000,?,?,00921043,?,75C0E610,?,0090FA64), ref: 008CF70D
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
• String ID:
• API String ID: 666041331-0
• Opcode ID: 12a45b870371b1c488c669b003841212ef37fc2fc66a0bf02a917cd325a753fb
• Instruction ID: 71ab1b921b7ca5a6b197358654e137379d80dc6eaecdaca4229d06bf6fe7c285
• Opcode Fuzzy Hash: 12a45b870371b1c488c669b003841212ef37fc2fc66a0bf02a917cd325a753fb
• Instruction Fuzzy Hash: E9512734605205DFCB15DF68C484DAABBB5FF49314F0480A8E80A9B362DB71ED86CF91
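The three function records above (the OLEAUT32 variant handling, the INI-file read/write, and the LoadLibraryW/GetProcAddress/FreeLibrary resolver) each carry a Similarity "API ID" that is derived from the API names in the record, and the third record is the kind of function behind the report's "Contains functionality to dynamically determine API calls" signature. The script below is an added example, not Joe Sandbox code: it parses the "• API.MODULE(args), ref: ADDR" lines of these records (re-typed here as constructed input) into structured call records, rebuilds the API ID, and flags the LoadLibrary plus GetProcAddress pairing. The derivation rule it uses (split the API name on camel case, drop a trailing W/A charset suffix and the tokens "Get" and "To", count the tokens across the record including subcall lines, group them by frequency in descending order, sort alphabetically within a group, and join groups with "$") is inferred only from the three records shown here and reproduces exactly those three IDs; the stop-word set in particular is an assumption that may not hold for records this page does not show.

```python
"""Parse Joe Sandbox "APIs" listings and rebuild the Similarity "API ID".

Added example, not Joe Sandbox code.  The token rule and STOP_TOKENS are
inferred from the three records on this page only (assumption).
"""
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed input: the API lines of three function records from this page.
SAMPLE_LISTING = """\
APIs
• VariantInit.OLEAUT32(?), ref: 00918BCD
• VariantClear.OLEAUT32 ref: 00918C3E
• VariantClear.OLEAUT32 ref: 00918C9D
• VariantClear.OLEAUT32(?), ref: 00918D10
• VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00918D3B
APIs
• GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00928BAE
• GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00928BDA
• WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00928C32
• WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00928C57
• WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00928C5F
APIs
• LoadLibraryW.KERNEL32(?,00000000,?), ref: 00938F40
• GetProcAddress.KERNEL32(00000000,?), ref: 00938FD0
• GetProcAddress.KERNEL32(00000000,00000000), ref: 00938FEC
• GetProcAddress.KERNEL32(00000000,?), ref: 00939032
• FreeLibrary.KERNEL32(00000000), ref: 00939052
  • Part of subcall function 008CF6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00921043,?,75C0E610), ref: 008CF6E6
  • Part of subcall function 008CF6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,0090FA64,00000000,00000000,?,?,00921043,?,75C0E610,?,0090FA64), ref: 008CF70D
"""

# One "• Api.MODULE(args), ref: ADDR" line; the parenthesised argument list is
# optional (see the VariantClear lines) and subcall lines carry a prefix.
API_LINE = re.compile(
    r"•\s*(?P<sub>Part of subcall function [0-9A-Fa-f]+:\s*)?"
    r"(?P<api>[A-Za-z_][A-Za-z0-9_]*)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"
)
# Camel-case splitter; a leading-underscore CRT name such as _wcslen stays whole.
CAMEL = re.compile(r"_+[a-z0-9]+|[A-Z][a-z0-9]*|[a-z0-9]+")
STOP_TOKENS = {"Get", "To"}  # assumption: inferred from this page's records only


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[str]
    ref: int
    subcall: bool


@dataclass
class FunctionRecord:
    calls: List[ApiCall] = field(default_factory=list)


def parse_listing(text: str) -> List[FunctionRecord]:
    """Every 'APIs' header opens a new record; API lines attach to the last one."""
    records: List[FunctionRecord] = []
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            records.append(FunctionRecord())
            continue
        m = API_LINE.search(line)
        if not m or not records:
            continue
        args = [a for a in (m.group("args") or "").split(",") if a]
        records[-1].calls.append(ApiCall(m.group("api"), m.group("module"), args,
                                         int(m.group("ref"), 16),
                                         m.group("sub") is not None))
    return records


def name_tokens(api: str) -> List[str]:
    """Split an API name into the tokens the API ID is built from."""
    toks = CAMEL.findall(api)
    if len(toks) > 1 and toks[-1] in ("W", "A"):  # ANSI/Unicode charset suffix
        toks = toks[:-1]
    return [t for t in toks if t not in STOP_TOKENS]


def api_id(record: FunctionRecord) -> str:
    """Tokens grouped by frequency (descending), alphabetical inside a group."""
    counts = Counter(t for c in record.calls for t in name_tokens(c.api))
    by_freq: Dict[int, List[str]] = {}
    for tok, n in counts.items():
        by_freq.setdefault(n, []).append(tok)
    return "$".join("".join(sorted(by_freq[n])) for n in sorted(by_freq, reverse=True))


def resolves_apis_dynamically(record: FunctionRecord) -> bool:
    """LoadLibrary* plus GetProcAddress in the function body itself (not subcalls)."""
    names = {c.api for c in record.calls if not c.subcall}
    return any(n.startswith("LoadLibrary") for n in names) and "GetProcAddress" in names


if __name__ == "__main__":
    for rec in parse_listing(SAMPLE_LISTING):
        print(f"{api_id(rec):48} dynamic-resolve={resolves_apis_dynamically(rec)}")
```

Run against the listing above the script prints the three API IDs shown in the records and marks only the third record as a dynamic resolver. Because the ID is built from name tokens rather than addresses, the same function in a differently rebased or repacked build of the stub produces the same ID, which is why it is useful for cross-sample matching even when the instruction hashes differ.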
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • SetWindowLongW.USER32(00000002,000000F0,?), ref: 00946C33
                                                                                                                                                                                                                                                                                                                                                          • SetWindowLongW.USER32(?,000000EC,?), ref: 00946C4A
                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00946C73
                                                                                                                                                                                                                                                                                                                                                          • ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,0092AB79,00000000,00000000), ref: 00946C98
                                                                                                                                                                                                                                                                                                                                                          • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00946CC7
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Window$Long$MessageSendShow
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3688381893-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 03d2af95e5759396923f619d57065a42b33b4b2c2b4d93914bb3acbf33d1459c
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: b1d56aaeea866392e8ea600f2774d1fe770346a5769cb3434d8cee673631b16c
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 03d2af95e5759396923f619d57065a42b33b4b2c2b4d93914bb3acbf33d1459c
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F041D4B5A08104AFD724CF68CC98FA97BA9EB0B351F150268FAD5A73E0C371AD41DA41
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: _free
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 269201875-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 5921b4cf15aa37b187c10721196f10645866aa1759a79e0cb8464537925da29a
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: e057a585cf2987a2748b81bd26c20a7b6228e391a525953f8e1f1342a38ff953
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5921b4cf15aa37b187c10721196f10645866aa1759a79e0cb8464537925da29a
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5F41E272A00204AFDB24DF79C881A5DB7B9FF8A314F1545A9E615EB392D631EE01CB81
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • GetCursorPos.USER32(?), ref: 008C9141
                                                                                                                                                                                                                                                                                                                                                          • ScreenToClient.USER32(00000000,?), ref: 008C915E
                                                                                                                                                                                                                                                                                                                                                          • GetAsyncKeyState.USER32(00000001), ref: 008C9183
                                                                                                                                                                                                                                                                                                                                                          • GetAsyncKeyState.USER32(00000002), ref: 008C919D
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: AsyncState$ClientCursorScreen
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 4210589936-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 2c38016da38abf250f4b0b2c2e50cbfc1ba7b97e58dfbb9ea82881e54ce57f90
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 2b4f2414fec47a8c5332bca606d8ff98565188e5af1ffe3104a84f45e09aee71
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2c38016da38abf250f4b0b2c2e50cbfc1ba7b97e58dfbb9ea82881e54ce57f90
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 46415E71A0C60AEFDF159FA8C849FEEF774FB05324F24825AE465A22D0C734A950DB91
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • GetInputState.USER32 ref: 009238CB
                                                                                                                                                                                                                                                                                                                                                          • TranslateAcceleratorW.USER32(?,00000000,?), ref: 00923922
                                                                                                                                                                                                                                                                                                                                                          • TranslateMessage.USER32(?), ref: 0092394B
                                                                                                                                                                                                                                                                                                                                                          • DispatchMessageW.USER32(?), ref: 00923955
                                                                                                                                                                                                                                                                                                                                                          • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00923966
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: Message$Translate$AcceleratorDispatchInputPeekState
• String ID:
• API String ID: 2256411358-0
• Opcode ID: 8f223fab77da0240d50bbfdf85b9c023dcbbd3773074f983dfd13af4dae53979
• Instruction ID: 094b38a98e3c488831186ee18dfed43d4d78305a365cf950ce670eee41436e13
• Opcode Fuzzy Hash: 8f223fab77da0240d50bbfdf85b9c023dcbbd3773074f983dfd13af4dae53979
• Instruction Fuzzy Hash: 4F31C674918361DFEB39CB34B849FB637ACEB06300F048569E452D61A4E3BD96C5EB11
APIs
• InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,0092C21E,00000000), ref: 0092CF38
• InternetReadFile.WININET(?,00000000,?,?), ref: 0092CF6F
• GetLastError.KERNEL32(?,00000000,?,?,?,0092C21E,00000000), ref: 0092CFB4
• SetEvent.KERNEL32(?,?,00000000,?,?,?,0092C21E,00000000), ref: 0092CFC8
• SetEvent.KERNEL32(?,?,00000000,?,?,?,0092C21E,00000000), ref: 0092CFF2
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: EventInternet$AvailableDataErrorFileLastQueryRead
• String ID:
• API String ID: 3191363074-0
• Opcode ID: 613332b0c3b4a4babd86d5610821f5eef3f8e915f44150f821cf0e50b7aa12d9
• Instruction ID: 089a00b2afcbec7c76a6f86f9c995b892ad29ab4ab54a45cd4a6c571ba6fcbba
• Opcode Fuzzy Hash: 613332b0c3b4a4babd86d5610821f5eef3f8e915f44150f821cf0e50b7aa12d9
• Instruction Fuzzy Hash: 6A318BB1504215EFDB20DFA5E984EAEBBFDEB04350B10442EF116D2145DB30EE409B60
APIs
• GetWindowRect.USER32(?,?), ref: 00911915
• PostMessageW.USER32(00000001,00000201,00000001), ref: 009119C1
• Sleep.KERNEL32(00000000,?,?,?), ref: 009119C9
• PostMessageW.USER32(00000001,00000202,00000000), ref: 009119DA
• Sleep.KERNEL32(00000000,?,?,?,?), ref: 009119E2
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: MessagePostSleep$RectWindow
• String ID:
• API String ID: 3382505437-0
• Opcode ID: 8ff98b25251ffd75d9f348e18cd1190e5d5056ec161d4376e487ce69f7cb7547
• Instruction ID: 3de9d6e621897fc034d8f1d49c2ecd0f617e68fbab8f40877a51b932448ae1b9
• Opcode Fuzzy Hash: 8ff98b25251ffd75d9f348e18cd1190e5d5056ec161d4376e487ce69f7cb7547
• Instruction Fuzzy Hash: EC31C0B5A0421DFFCB00CFA8DD99ADE3BB5EB45315F108229FA21A72D1C7709984DB90
APIs
• SendMessageW.USER32(?,00001053,000000FF,?), ref: 00945745
• SendMessageW.USER32(?,00001074,?,00000001), ref: 0094579D
• _wcslen.LIBCMT ref: 009457AF
• _wcslen.LIBCMT ref: 009457BA
• SendMessageW.USER32(?,00001002,00000000,?), ref: 00945816
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: MessageSend$_wcslen
• String ID:
• API String ID: 763830540-0
• Opcode ID: d36a3b1bfc9d3a387fa8b15d81620cd468fc89d755f542882c7c87687345dfbe
• Instruction ID: cf1d3491394aa979f103ea50de44b5ba8938db32575ffa08ed7f57a5bad996cc
• Opcode Fuzzy Hash: d36a3b1bfc9d3a387fa8b15d81620cd468fc89d755f542882c7c87687345dfbe
• Instruction Fuzzy Hash: F921D570904608ABDB209FE5CC85EED7BBCFF00320F108216E919EA291E7708985CF50
APIs
• GetSysColor.USER32(00000008), ref: 008C98CC
• SetTextColor.GDI32(?,?), ref: 008C98D6
• SetBkMode.GDI32(?,00000001), ref: 008C98E9
• GetStockObject.GDI32(00000005), ref: 008C98F1
• GetWindowLongW.USER32(?,000000EB), ref: 008C9952
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Color$LongModeObjectStockTextWindow
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1860813098-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 7aa9d4683aaf7371f7f0ab8f15476e561f27ee0c7c51fcd78a5070cf1ac8c2d5
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 6362350b47bfa036a77f9119151ed9013eee366151d7df847b39cb6398bce6c3
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7aa9d4683aaf7371f7f0ab8f15476e561f27ee0c7c51fcd78a5070cf1ac8c2d5
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8F21ED7254A2409FC7128F24EC58EAA3F74FF17330B1441EDE9928B1A2C6328946DB60
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • IsWindow.USER32(00000000), ref: 00930951
                                                                                                                                                                                                                                                                                                                                                          • GetForegroundWindow.USER32 ref: 00930968
                                                                                                                                                                                                                                                                                                                                                          • GetDC.USER32(00000000), ref: 009309A4
                                                                                                                                                                                                                                                                                                                                                          • GetPixel.GDI32(00000000,?,00000003), ref: 009309B0
                                                                                                                                                                                                                                                                                                                                                          • ReleaseDC.USER32(00000000,00000003), ref: 009309E8
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Window$ForegroundPixelRelease
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 4156661090-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: fa6c917fc83485480ad7aefa7ee5272b63b73a42e6e6ae395899c2aee3ccff3e
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: e69a8fd4b3b14d9352f6c0bc3cfb2f4d2894b8b1507a019e2ef7e0c7992ac899
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fa6c917fc83485480ad7aefa7ee5272b63b73a42e6e6ae395899c2aee3ccff3e
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 51219279600214AFD714EF68D884EAEB7E9FF85740F048068F846D7362CB70AD04DB50
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • GetEnvironmentStringsW.KERNEL32 ref: 008ECDC6
                                                                                                                                                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 008ECDE9
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008E3820: RtlAllocateHeap.NTDLL(00000000,?,00981444,?,008CFDF5,?,?,008BA976,00000010,00981440,008B13FC,?,008B13C6,?,008B1129), ref: 008E3852
                                                                                                                                                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 008ECE0F
                                                                                                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 008ECE22
                                                                                                                                                                                                                                                                                                                                                          • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 008ECE31
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 336800556-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: dd303d32bab84703311064f93214fdb466dc309b405cf989f0b3d1fd11093885
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: e3832923e9b14818e8b7d866460bc0efa6f6de9d929d40ccca29939b2c6b0aed
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dd303d32bab84703311064f93214fdb466dc309b405cf989f0b3d1fd11093885
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1C01D8B2A062967F23211A7BAC4CD7B696DFEC7BA13150129F905D7201DB618D0291B0
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 008C9693
                                                                                                                                                                                                                                                                                                                                                          • SelectObject.GDI32(?,00000000), ref: 008C96A2
                                                                                                                                                                                                                                                                                                                                                          • BeginPath.GDI32(?), ref: 008C96B9
                                                                                                                                                                                                                                                                                                                                                          • SelectObject.GDI32(?,00000000), ref: 008C96E2
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: ObjectSelect$BeginCreatePath
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3225163088-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 350ccc869fc0c4c21a7e0f326a407c50de9122b44ed5272b5ed5a1d9b4d9a523
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 0d3a5f39232326f62d13f19f51adb110855dbc6b5428170d22641d8312921779
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 350ccc869fc0c4c21a7e0f326a407c50de9122b44ed5272b5ed5a1d9b4d9a523
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9D21607082A305EFDB119F68FC18FA97B78FB11755F100259F451A62E0D3719852EB94
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: _memcmp
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2931989736-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 9b43fa100a0bfa004d5d5df29df70c0402f671d3baaf2a86f19e0230169efc70
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 1278dbafedb592ac452eac85c2aae5022393a757e6d643b121c547da2eaa7cb8
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9b43fa100a0bfa004d5d5df29df70c0402f671d3baaf2a86f19e0230169efc70
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9B0192A574160EFAE60855149D93EFA635CEFA13A9B024021FD089A382F764EE5086A1
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,008DF2DE,008E3863,00981444,?,008CFDF5,?,?,008BA976,00000010,00981440,008B13FC,?,008B13C6), ref: 008E2DFD
                                                                                                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 008E2E32
                                                                                                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 008E2E59
                                                                                                                                                                                                                                                                                                                                                          • SetLastError.KERNEL32(00000000,008B1129), ref: 008E2E66
                                                                                                                                                                                                                                                                                                                                                          • SetLastError.KERNEL32(00000000,008B1129), ref: 008E2E6F
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: ErrorLast$_free
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3170660625-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 675230c4ac95cdd878f7ac43cd40ffe7802ab0b587be56337b2c5671a631adb9
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: d1c01c7f148e7ee2a17a4bb3c0167985fff052cb5491004d51018b33c9f46aa0
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 675230c4ac95cdd878f7ac43cd40ffe7802ab0b587be56337b2c5671a631adb9
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CB01F47620A6966BC612677B6C4AD2B265DFBC37B9B314028F825E32D3EB348C015121
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0090FF41,80070057,?,?,?,0091035E), ref: 0091002B
                                                                                                                                                                                                                                                                                                                                                          • ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0090FF41,80070057,?,?), ref: 00910046
                                                                                                                                                                                                                                                                                                                                                          • lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0090FF41,80070057,?,?), ref: 00910054
                                                                                                                                                                                                                                                                                                                                                          • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0090FF41,80070057,?), ref: 00910064
                                                                                                                                                                                                                                                                                                                                                          • CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0090FF41,80070057,?,?), ref: 00910070
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: From$Prog$FreeStringTasklstrcmpi
• String ID:
• API String ID: 3897988419-0
• Opcode ID: 1ef7fa58de6d1b328acffa7080fe430b326d0719edaab1aa2077a6fd2d49c7e5
• Instruction ID: 7306aaafeacfc3e8294677e2d969b82e8f1aff5329b79fbbd6fd3c318b3abd1f
• Opcode Fuzzy Hash: 1ef7fa58de6d1b328acffa7080fe430b326d0719edaab1aa2077a6fd2d49c7e5
• Instruction Fuzzy Hash: F00184B6711208BFDB504F64DC04FEA7AADEB88791F144114F945D2210E7B6DD80D760
APIs
• QueryPerformanceCounter.KERNEL32(?), ref: 0091E997
• QueryPerformanceFrequency.KERNEL32(?), ref: 0091E9A5
• Sleep.KERNEL32(00000000), ref: 0091E9AD
• QueryPerformanceCounter.KERNEL32(?), ref: 0091E9B7
• Sleep.KERNEL32 ref: 0091E9F3
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: PerformanceQuery$CounterSleep$Frequency
• String ID:
• API String ID: 2833360925-0
• Opcode ID: 10ef92cbf063e6e32f222c286d820ffec7899790cd70180346c7b16974dd9233
• Instruction ID: 9de376013f3efbb158f47f31fd7e756d359bb8becec747816d94ba3aa780b83b
• Opcode Fuzzy Hash: 10ef92cbf063e6e32f222c286d820ffec7899790cd70180346c7b16974dd9233
• Instruction Fuzzy Hash: 8A015775E0AA2DDBDF40ABE4D849AEDBB78FB09700F000546E902B2240DB3495909BA1
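The function listed above brackets a Sleep call with two QueryPerformanceCounter reads and scales them with QueryPerformanceFrequency: it is measuring whether the sleep really lasted as long as requested, which is how code notices a debugger single-stepping it or a sandbox that fast-forwards sleeps. The following is an added example, not code from this report or from the sample, reconstructing that check. On Windows it uses the same kernel32 calls; on other platforms it falls back to POSIX clock_gettime/nanosleep so it can be run offline. The 0.9x and 10x tolerance bounds and all function names are this example's assumptions, not values recovered from the sample.

```c
/* Added example: execution-timing check in the shape of the listed API chain
 * (QueryPerformanceCounter, Sleep, QueryPerformanceCounter). Not sample code. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdio.h>
#include <stdint.h>

#ifdef _WIN32
#include <windows.h>
/* Same kernel32 calls as the listed function; the quotient/remainder split
 * keeps the microsecond conversion from overflowing the 64-bit counter. */
static int64_t now_us(void) {
    LARGE_INTEGER c, f;
    QueryPerformanceCounter(&c);
    QueryPerformanceFrequency(&f);
    return (c.QuadPart / f.QuadPart) * 1000000 +
           ((c.QuadPart % f.QuadPart) * 1000000) / f.QuadPart;
}
static void sleep_ms(unsigned ms) { Sleep(ms); }
#else
#include <time.h>
/* POSIX fallback so the logic can be exercised outside Windows. */
static int64_t now_us(void) {
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (int64_t)ts.tv_sec * 1000000 + ts.tv_nsec / 1000;
}
static void sleep_ms(unsigned ms) {
    struct timespec ts = { (time_t)(ms / 1000), (long)(ms % 1000) * 1000000L };
    while (nanosleep(&ts, &ts) != 0) { /* resume if a signal cut the sleep short */ }
}
#endif

enum timing_verdict { TIMING_PLAUSIBLE, TIMING_TOO_FAST, TIMING_TOO_SLOW };

/* Pure decision step. Returning well under the requested time means Sleep()
 * or the clock was tampered with (sleep-skipping sandboxes); far over it is
 * typical of single-stepping or a slow emulator. The 0.9x / 10x bounds are
 * illustrative assumptions, not thresholds taken from the sample. */
enum timing_verdict judge_timing(unsigned requested_ms, int64_t elapsed_us) {
    int64_t requested_us = (int64_t)requested_ms * 1000;
    if (elapsed_us < (requested_us * 9) / 10) return TIMING_TOO_FAST;
    if (elapsed_us > requested_us * 10) return TIMING_TOO_SLOW;
    return TIMING_PLAUSIBLE;
}

/* The listed sequence itself: counter, Sleep, counter; result in microseconds. */
int64_t measure_sleep_us(unsigned ms) {
    int64_t before = now_us();
    sleep_ms(ms);
    return now_us() - before;
}

int main(void) {
    unsigned ms = 50;
    int64_t elapsed = measure_sleep_us(ms);
    enum timing_verdict v = judge_timing(ms, elapsed);
    printf("requested %u ms, observed %lld us: %s\n", ms, (long long)elapsed,
           v == TIMING_PLAUSIBLE ? "plausible" :
           v == TIMING_TOO_FAST ? "too fast" : "too slow");
    return 0;
}
```

A caveat when triaging such a hit: the identical call pattern is how an ordinary high-resolution delay or benchmark loop is written, so the listing by itself does not establish evasive intent. What distinguishes the two is what the code does on the "too fast" or "too slow" branch, which has to be read from the disassembly, not from the API chain.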
APIs
• GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00911114
• GetLastError.KERNEL32(?,00000000,00000000,?,?,00910B9B,?,?,?), ref: 00911120
• GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00910B9B,?,?,?), ref: 0091112F
• HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00910B9B,?,?,?), ref: 00911136
• GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0091114D
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: HeapObjectSecurityUser$AllocErrorLastProcess
• String ID:
• API String ID: 842720411-0
• Opcode ID: 5509368377bd2cc5c0373a5870f133c2dd9b93881a2255d2d53bb9c7aa75227b
• Instruction ID: 0d5bbf9d17e033932f342503f0da8afa91fd31d9c8a53368ecd2cab718f88026
• Opcode Fuzzy Hash: 5509368377bd2cc5c0373a5870f133c2dd9b93881a2255d2d53bb9c7aa75227b
• Instruction Fuzzy Hash: DF0181B9205205BFDB514FA5DC49EAA3F6EEF8A364B100414FA41C3360DB31DC409A60
APIs
• GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00910FCA
• GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00910FD6
• GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00910FE5
• HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00910FEC
• GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00911002
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: HeapInformationToken$AllocErrorLastProcess
• String ID:
• API String ID: 44706859-0
• Opcode ID: 48f23a676d9a9904ae7078f6ee353fa809ff14a7616e384a2108b2caad5019a2
• Instruction ID: b3e0072fd08b133caa85a2aa87f9001dc667f368b62cac3fe445d959fc51920d
• Opcode Fuzzy Hash: 48f23a676d9a9904ae7078f6ee353fa809ff14a7616e384a2108b2caad5019a2
• Instruction Fuzzy Hash: 62F06DB9616305FFDB214FA4DC4DF963BADEF8A7A2F104414FA45C7261CA70DC809A60
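The GetUserObjectSecurity entry and the GetTokenInformation entry above share one shape: call with a NULL buffer, read ERROR_INSUFFICIENT_BUFFER via GetLastError, allocate the reported size from the process heap, call again. The following added example (not code from this report or from the sample) writes that idiom once as a generic helper, with the Win32 "size, allocate, retry" contract abstracted behind a callback, and adds the check a careful implementation needs: retry in a loop, because the data can grow between the sizing call and the real one. On Windows the real GetTokenInformation(TokenGroups), class 2 as in the entry above, is wired in; elsewhere a constructed fake provider exercises the logic offline. The names query_sized_info, fake_token_query, the demo payload and the retry limit are this example's own.

```c
/* Added example: the two-call buffer-sizing idiom seen in the listed
 * GetUserObjectSecurity / GetTokenInformation chains. Not sample code. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

#ifdef _WIN32
#include <windows.h>
#define set_last_error(e) SetLastError(e)
#else
/* Minimal stand-ins for the Win32 types and error codes used below. */
typedef int BOOL;
typedef uint32_t DWORD;
#define ERROR_INSUFFICIENT_BUFFER 122
#define ERROR_ACCESS_DENIED 5
static DWORD g_last_error;
static DWORD GetLastError(void) { return g_last_error; }
#define set_last_error(e) (g_last_error = (e))
#endif

/* Win32-style sizing query: buf may be NULL with len 0; on failure the callee
 * sets the last error and writes the size it needs to *needed. */
typedef BOOL (*sized_query_fn)(void *ctx, void *buf, DWORD len, DWORD *needed);

/* Query, grow, re-query until success. Loops instead of trusting one retry:
 * the data can change size between the sizing call and the real call (token
 * groups, a window station's security descriptor), and code that assumes the
 * first reported size is final either fails or treats a short buffer as
 * complete. Returns a heap buffer the caller frees (a zero-length result comes
 * back as NULL with *out_len == 0), or NULL on any error other than a
 * too-small buffer, or after max_rounds attempts. */
void *query_sized_info(sized_query_fn query, void *ctx, DWORD *out_len, int max_rounds) {
    DWORD len = 0, needed = 0;
    void *buf = NULL;
    for (int round = 0; round < max_rounds; round++) {
        if (query(ctx, buf, len, &needed)) { *out_len = len; return buf; }
        /* Only ERROR_INSUFFICIENT_BUFFER with a strictly larger size is a retry. */
        if (GetLastError() != ERROR_INSUFFICIENT_BUFFER || needed <= len) break;
        void *grown = realloc(buf, needed);  /* the sample uses HeapAlloc(GetProcessHeap()) */
        if (!grown) break;
        buf = grown;
        len = needed;
        memset(buf, 0, len);
    }
    free(buf);
    *out_len = 0;
    return NULL;
}

#ifdef _WIN32
/* Real provider: GetTokenInformation(TokenGroups), class 2 as in the listing. */
static BOOL token_query(void *ctx, void *buf, DWORD len, DWORD *needed) {
    return GetTokenInformation((HANDLE)ctx, TokenGroups, buf, len, needed);
}
#endif

/* Constructed stand-in for GetTokenInformation (not the real API): the "token
 * data" is a string whose reported size grows by `growth` bytes after the first
 * sizing call; a nonzero `error` makes every call fail with that code. */
struct fake_token { const char *payload; DWORD growth; DWORD error; int calls; };

static BOOL fake_token_query(void *ctx, void *buf, DWORD len, DWORD *needed) {
    struct fake_token *t = ctx;
    DWORD size = (DWORD)strlen(t->payload) + 1 + (t->calls > 0 ? t->growth : 0);
    t->calls++;
    if (t->error) { set_last_error(t->error); return 0; }
    *needed = size;
    if (len < size) { set_last_error(ERROR_INSUFFICIENT_BUFFER); return 0; }
    memset(buf, 0, len);
    memcpy(buf, t->payload, strlen(t->payload) + 1);
    return 1;
}

#define DEMO_PAYLOAD "constructed TOKEN_GROUPS blob"   /* constructed sample data */
#define DEMO_GROWTH 8

/* Data that grows once: expect 3 provider calls (size; retry fails because it
 * grew; retry succeeds). Returns the call count, or -1 if the payload came back
 * damaged; the final buffer length is returned through out_len. */
int demo_grow_once(DWORD *out_len) {
    struct fake_token t = { DEMO_PAYLOAD, DEMO_GROWTH, 0, 0 };
    char *buf = query_sized_info(fake_token_query, &t, out_len, 8);
    int ok = buf && strcmp(buf, DEMO_PAYLOAD) == 0;
    free(buf);
    return ok ? t.calls : -1;
}

/* Error path: ERROR_ACCESS_DENIED must yield NULL after exactly one call,
 * not an allocation loop. Returns 1 when the helper behaves that way. */
int demo_access_denied(void) {
    struct fake_token t = { DEMO_PAYLOAD, 0, ERROR_ACCESS_DENIED, 0 };
    DWORD n = 0;
    void *buf = query_sized_info(fake_token_query, &t, &n, 8);
    return buf == NULL && n == 0 && t.calls == 1;
}

int main(void) {
    DWORD n = 0;
    printf("fake token: %d provider calls, %lu bytes\n", demo_grow_once(&n), (unsigned long)n);
#ifdef _WIN32
    HANDLE tok;
    if (OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &tok)) {
        void *info = query_sized_info(token_query, tok, &n, 8);
        printf("TokenGroups: %s, %lu bytes\n", info ? "ok" : "failed", (unsigned long)n);
        free(info);
        CloseHandle(tok);
    }
#endif
    return 0;
}
```

Reading note: this query-allocate-requery plumbing is how any runtime or installer inspects its own token and window station before deciding whether to elevate or run as another user. In isolation the three entries describe generic privilege bookkeeping, not what the script payload does with the answer, so they should be weighed together with the rest of the report rather than on their own.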
APIs
• GetTokenInformation.ADVAPI32(?,00000003(TokenPrivileges),?,00000000,?), ref: 0091102A
• GetLastError.KERNEL32(?,TokenPrivileges,?,00000000,?), ref: 00911036
• GetProcessHeap.KERNEL32(00000008,?,?,TokenPrivileges,?,00000000,?), ref: 00911045
• HeapAlloc.KERNEL32(00000000,?,TokenPrivileges,?,00000000,?), ref: 0091104C
• GetTokenInformation.ADVAPI32(?,00000003(TokenPrivileges),00000000,?,?,?,TokenPrivileges,?,00000000,?), ref: 00911062
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 44706859-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 64360b3ccc4dce0c8cfbfbf6571eb9204bbd2ebc6b67a9b1a7dbd337a36e75f2
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 1f9de18982ec84615ff797a0716358e1cd9ceef4fcab4d76e49d6f52a1612efa
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 64360b3ccc4dce0c8cfbfbf6571eb9204bbd2ebc6b67a9b1a7dbd337a36e75f2
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 11F06DB9616305FFDB215FA5EC49F963BADEF8A761F500414FA45C7250CA70D880DA60
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,?,0092017D,?,009232FC,?,00000001,008F2592,?), ref: 00920324
                                                                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,?,0092017D,?,009232FC,?,00000001,008F2592,?), ref: 00920331
                                                                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,?,0092017D,?,009232FC,?,00000001,008F2592,?), ref: 0092033E
                                                                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,?,0092017D,?,009232FC,?,00000001,008F2592,?), ref: 0092034B
                                                                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,?,0092017D,?,009232FC,?,00000001,008F2592,?), ref: 00920358
                                                                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,?,0092017D,?,009232FC,?,00000001,008F2592,?), ref: 00920365
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: CloseHandle
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2962429428-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 6b18a966d5bb41f29682651185d3fe223bbdf526f4798b5e0c1a171027591c4e
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 5e9dcd0652d0a49100df169f6c5b2ccf126568f131a4873cd957f98d98fa9757
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6b18a966d5bb41f29682651185d3fe223bbdf526f4798b5e0c1a171027591c4e
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C801A272801B259FCB309F66E880812FBF9BF903153158A3FD19652932C371A958DF80
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 008ED752
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008E29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,008ED7D1,00000000,00000000,00000000,00000000,?,008ED7F8,00000000,00000007,00000000,?,008EDBF5,00000000), ref: 008E29DE
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008E29C8: GetLastError.KERNEL32(00000000,?,008ED7D1,00000000,00000000,00000000,00000000,?,008ED7F8,00000000,00000007,00000000,?,008EDBF5,00000000,00000000), ref: 008E29F0
                                                                                                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 008ED764
                                                                                                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 008ED776
                                                                                                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 008ED788
                                                                                                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 008ED79A
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 225d05c0daf85a8b1e10222f39cadf1a83632afd5f776a2c8fd5e48d456e56ff
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 0f2ae6b430b29277277db6b863338616e85c41f032685bfa4b2428d5cf444a22
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 225d05c0daf85a8b1e10222f39cadf1a83632afd5f776a2c8fd5e48d456e56ff
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 32F06273514388BB8625FB6AFDC2D1A7BDDFB06310B951809F058E7502C734FC808661
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003E9), ref: 00915C58
                                                                                                                                                                                                                                                                                                                                                          • GetWindowTextW.USER32(00000000,?,00000100), ref: 00915C6F
                                                                                                                                                                                                                                                                                                                                                          • MessageBeep.USER32(00000000), ref: 00915C87
                                                                                                                                                                                                                                                                                                                                                          • KillTimer.USER32(?,0000040A), ref: 00915CA3
                                                                                                                                                                                                                                                                                                                                                          • EndDialog.USER32(?,00000001), ref: 00915CBD
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: BeepDialogItemKillMessageTextTimerWindow
• String ID:
• API String ID: 3741023627-0
• Opcode ID: 274c879497d11f59587ec3f483d69ff8ec91720449bfdbb7c246d3bdb10e9e92
• Instruction ID: 58ecd0283896adb870003724e5dae6bbdc2edec9884663a7f08bfd02ba6c431a
• Opcode Fuzzy Hash: 274c879497d11f59587ec3f483d69ff8ec91720449bfdbb7c246d3bdb10e9e92
• Instruction Fuzzy Hash: BE01D174601B09EFEB206F10DD4EFE677B8BB01B01F020559A693A10E0DBF4AA849A90
APIs
• _free.LIBCMT ref: 008E22BE
  • Part of subcall function 008E29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,008ED7D1,00000000,00000000,00000000,00000000,?,008ED7F8,00000000,00000007,00000000,?,008EDBF5,00000000), ref: 008E29DE
  • Part of subcall function 008E29C8: GetLastError.KERNEL32(00000000,?,008ED7D1,00000000,00000000,00000000,00000000,?,008ED7F8,00000000,00000007,00000000,?,008EDBF5,00000000,00000000), ref: 008E29F0
• _free.LIBCMT ref: 008E22D0
• _free.LIBCMT ref: 008E22E3
• _free.LIBCMT ref: 008E22F4
• _free.LIBCMT ref: 008E2305
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: bd4745f98724617fe977dbd6bcbbcdd1184c080dd1097cd6e8bd1ce74a8842e6
• Instruction ID: 870b19d379140721f461481b3ebe12df9c830df7bb0ce4017984f84adef5c88e
• Opcode Fuzzy Hash: bd4745f98724617fe977dbd6bcbbcdd1184c080dd1097cd6e8bd1ce74a8842e6
• Instruction Fuzzy Hash: DFF054B2428154ABC622BF59BC02D483F6CF719761701550AF524D6372C7354452BFE6
APIs
• EndPath.GDI32(?), ref: 008C95D4
• StrokeAndFillPath.GDI32(?,?,009071F7,00000000,?,?,?), ref: 008C95F0
• SelectObject.GDI32(?,00000000), ref: 008C9603
• DeleteObject.GDI32 ref: 008C9616
• StrokePath.GDI32(?), ref: 008C9631
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: Path$ObjectStroke$DeleteFillSelect
• String ID:
• API String ID: 2625713937-0
• Opcode ID: 3f89440af0f7b5a045e12851aecae494b4c748d8e594c8618d14598f93507798
• Instruction ID: aefcc23fc56351ebf14009887082d37177655075fc2172ea37fc94c89d5bccf4
• Opcode Fuzzy Hash: 3f89440af0f7b5a045e12851aecae494b4c748d8e594c8618d14598f93507798
• Instruction Fuzzy Hash: 68F0F63402E608EFDB265F65ED1CF643B69FB12362F048258E465951F0C7328992EF20
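The per-function records above follow a fixed shape: an "APIs" heading, one bullet per call written as name.MODULE(args), ref: address (with indented "Part of subcall function" bullets for calls made inside callees), then "Similarity" bullets such as API ID and Instruction Fuzzy Hash. That regularity makes the text easy to turn into data when triaging a large report, for instance to list every call site of one API or to see which modules a function leans on. The Python below is an added example written for this page; it is not Joe Sandbox tooling and not part of the report. The SAMPLE text is constructed from the entries shown here with long argument lists abbreviated, and the function names parse_report, call_sites and module_histogram are my own.

```python
"""Parse the per-function "APIs" / "Similarity" records of a Joe Sandbox report
(rendered as plain text) into structured data for triage. Added example, not
Joe Sandbox code; SAMPLE is constructed from entries on this page."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# One API reference bullet, e.g.
#   • _free.LIBCMT ref: 008E22BE
#   • EndPath.GDI32(?), ref: 008C95D4
#   • Part of subcall function 008E29C8: RtlFreeHeap.NTDLL(00000000,?), ref: 008E29DE
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<caller>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>[A-Za-z_]\w*)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?\s*,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)
# Key/value bullets such as "• API ID: ..." or "• Instruction Fuzzy Hash: ...".
FIELD_LINE = re.compile(r"^\s*•\s*(?P<key>[A-Za-z ]+?):\s*(?P<val>.*?)\s*$")


@dataclass
class ApiRef:
    name: str
    module: str
    ref: int               # address of the call site
    args: List[str]        # "?" marks a value the sandbox could not resolve
    caller: Optional[int]  # subcall function address; None for a direct call


@dataclass
class FunctionEntry:
    apis: List[ApiRef] = field(default_factory=list)
    fields: Dict[str, str] = field(default_factory=dict)

    def direct_apis(self) -> List[ApiRef]:
        return [a for a in self.apis if a.caller is None]


def parse_api_line(line: str) -> Optional[ApiRef]:
    m = API_LINE.match(line)
    if not m:
        return None
    raw_args = m.group("args")
    args = [a.strip() for a in raw_args.split(",")] if raw_args else []
    caller = int(m.group("caller"), 16) if m.group("caller") else None
    return ApiRef(m.group("name"), m.group("module"), int(m.group("ref"), 16), args, caller)


def parse_report(text: str) -> List[FunctionEntry]:
    """Start a new entry at each 'APIs' heading; collect API bullets and key/value bullets."""
    entries: List[FunctionEntry] = []
    cur: Optional[FunctionEntry] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "APIs":
            cur = FunctionEntry()
            entries.append(cur)
            continue
        if cur is None:
            continue
        api = parse_api_line(line)
        if api:
            cur.apis.append(api)
            continue
        m = FIELD_LINE.match(line)
        if m:
            cur.fields[m.group("key")] = m.group("val")
    return entries


def call_sites(entries: List[FunctionEntry], api_name: str) -> List[int]:
    """Sorted call-site addresses of api_name, direct calls only (subcall bullets repeat per caller)."""
    return sorted({a.ref for e in entries for a in e.direct_apis() if a.name == api_name})


def module_histogram(entries: List[FunctionEntry]) -> Dict[str, int]:
    hist: Dict[str, int] = {}
    for e in entries:
        for a in e.apis:
            hist[a.module] = hist.get(a.module, 0) + 1
    return hist


# Constructed from two entries on this page; subcall argument lists shortened.
SAMPLE = """\
APIs
• _free.LIBCMT ref: 008E22BE
  • Part of subcall function 008E29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,008ED7D1), ref: 008E29DE
  • Part of subcall function 008E29C8: GetLastError.KERNEL32(00000000,?,008ED7D1), ref: 008E29F0
• _free.LIBCMT ref: 008E22D0
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Instruction Fuzzy Hash: DFF054B2428154ABC622BF59BC02D483F6CF719761701550AF524D6372C7354452BFE6
APIs
• EndPath.GDI32(?), ref: 008C95D4
• StrokeAndFillPath.GDI32(?,?,009071F7,00000000,?,?,?), ref: 008C95F0
• SelectObject.GDI32(?,00000000), ref: 008C9603
• DeleteObject.GDI32 ref: 008C9616
• StrokePath.GDI32(?), ref: 008C9631
Similarity
• API ID: Path$ObjectStroke$DeleteFillSelect
"""

if __name__ == "__main__":
    entries = parse_report(SAMPLE)
    for e in entries:
        print(e.fields.get("API ID"), "->", [a.name for a in e.direct_apis()])
    print("_free call sites:", [hex(x) for x in call_sites(entries, "_free")])
    print(module_histogram(entries))
```

Run against the full report text, the same parser lets you group entries by Instruction Fuzzy Hash or API ID to find near-duplicate functions, and to pull out every call site of an API of interest before opening the dump in IDA. Subcall bullets are kept but tagged with their caller address, so counting only direct calls avoids inflating totals when the same callee appears under many functions.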
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: __freea$_free
• String ID: a/p$am/pm
• API String ID: 3432400110-3206640213
• Opcode ID: 24bef9f2da890f93ca0324cba2c26b8193552c1028872fa2b740e15b0ad94811
• Instruction ID: 5f7f3d565faf156947022ea8f77136d703e682f62714576d2e619c4eeba2e9d0
• Opcode Fuzzy Hash: 24bef9f2da890f93ca0324cba2c26b8193552c1028872fa2b740e15b0ad94811
• Instruction Fuzzy Hash: CBD1CF7190028A9ACF249F6AC84DBFAB7B1FF07704F240159EA01EBA54D7799D80CB91
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008D0242: EnterCriticalSection.KERNEL32(0098070C,00981884,?,?,008C198B,00982518,?,?,?,008B12F9,00000000), ref: 008D024D
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008D0242: LeaveCriticalSection.KERNEL32(0098070C,?,008C198B,00982518,?,?,?,008B12F9,00000000), ref: 008D028A
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008B9CB3: _wcslen.LIBCMT ref: 008B9CBD
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008D00A3: __onexit.LIBCMT ref: 008D00A9
                                                                                                                                                                                                                                                                                                                                                          • __Init_thread_footer.LIBCMT ref: 00937BFB
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008D01F8: EnterCriticalSection.KERNEL32(0098070C,?,?,008C8747,00982514), ref: 008D0202
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008D01F8: LeaveCriticalSection.KERNEL32(0098070C,?,008C8747,00982514), ref: 008D0235
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
                                                                                                                                                                                                                                                                                                                                                          • String ID: 5$G$Variable must be of type 'Object'.
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 535116098-3733170431
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: f191dd7f88f0578bb8afb3c9d0d741c7e50cd9e328f7fd5864876cc30c3ea9db
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: f18fc899777211dd94ef042dee1c994bc41b68e4adb7f646a406db3f13fc8302
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f191dd7f88f0578bb8afb3c9d0d741c7e50cd9e328f7fd5864876cc30c3ea9db
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 629168B0A04209AFCB24EF98D8919ADB7B5FF49304F108459F856AB392DB71AE41CF51
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0091B403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,009121D0,?,?,00000034,00000800,?,00000034), ref: 0091B42D
                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00912760
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0091B3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,009121FF,?,?,00000800,?,00001073,00000000,?,?), ref: 0091B3F8
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0091B32A: GetWindowThreadProcessId.USER32(?,?), ref: 0091B355
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0091B32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00912194,00000034,?,?,00001004,00000000,00000000), ref: 0091B365
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0091B32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00912194,00000034,?,?,00001004,00000000,00000000), ref: 0091B37B
                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 009127CD
                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 0091281A
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                                                                                                                                                                                                                                                                                                          • String ID: @
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 4150878124-2766056989
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 0e0bb75d67d9bef422d18a46eee9be9296d3c2e043e07e9c109148faede64ce6
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: ce2a178c77bfadda199795b03d5a378b3ac07f2d77474e23b1e8afea21aed598
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0e0bb75d67d9bef422d18a46eee9be9296d3c2e043e07e9c109148faede64ce6
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C3413D76A0121CAFDB10EBA4CD85BEEBBB8EF45300F108095FA55B7191DB706E85CB61
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\nmy4mJXEaz.exe,00000104), ref: 008E1769
                                                                                                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 008E1834
                                                                                                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 008E183E
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: _free$FileModuleName
                                                                                                                                                                                                                                                                                                                                                          • String ID: C:\Users\user\Desktop\nmy4mJXEaz.exe
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2506810119-4241721728
• Opcode ID: f4633aa2f723e280d50deba2d6434fd70672c510bb5ccc01f3f454bc0b784a4a
• Instruction ID: 7795df0d1bc65d02d18aa491c0895baf28a1b0ac97c7ae249cef472bd5b32926
• Opcode Fuzzy Hash: f4633aa2f723e280d50deba2d6434fd70672c510bb5ccc01f3f454bc0b784a4a
• Instruction Fuzzy Hash: BF318E71A04298AFDF21DB9A9C89D9EBBFCFB86710B10416AF805D7311D6708E41DB91
APIs
• GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 0091C306
• DeleteMenu.USER32(?,00000007,00000000), ref: 0091C34C
• DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00981990,00E3D308), ref: 0091C395
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: Menu$Delete$InfoItem
• String ID: 0
• API String ID: 135850232-4108050209
• Opcode ID: 59b0ee85e38284391c4f5b6aafc7a65f1e632b31a772b7593860ee4345bc2f0d
• Instruction ID: d0c5ccd5f82a520fe929b00175eed93a39fb5b05db139a78e7e00eb9aad4031b
• Opcode Fuzzy Hash: 59b0ee85e38284391c4f5b6aafc7a65f1e632b31a772b7593860ee4345bc2f0d
• Instruction Fuzzy Hash: 5841A0B12483059FD724DF28D884B9ABBE8AF85311F008A1EF9B5972D1D730E946CB52
APIs
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,0094CC08,00000000,?,?,?,?), ref: 009444AA
• GetWindowLongW.USER32 ref: 009444C7
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 009444D7
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: Window$Long
• String ID: SysTreeView32
• API String ID: 847901565-1698111956
• Opcode ID: 1fd16b54432a6131ab23ace55bf036807f9315badab287ee8ec2635dc0afff10
• Instruction ID: f8c86237d639f511a6e8eba310b9db938615dc9067dece7be2a1a12379d653bd
• Opcode Fuzzy Hash: 1fd16b54432a6131ab23ace55bf036807f9315badab287ee8ec2635dc0afff10
• Instruction Fuzzy Hash: B1319C72214605AFDF208E38DC45FEA77A9EB09338F208715F979A21E0D774EC509B50
APIs
  • Part of subcall function 0093335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00933077,?,?), ref: 00933378
• inet_addr.WSOCK32(?), ref: 0093307A
• _wcslen.LIBCMT ref: 0093309B
• htons.WSOCK32(00000000), ref: 00933106
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: ByteCharMultiWide_wcslenhtonsinet_addr
• String ID: 255.255.255.255
• API String ID: 946324512-2422070025
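The per-function listings above are Joe Sandbox's own output. When triaging a report of this size it helps to pull the "APIs" blocks into structured records and jump straight to the functions that touch the socket API, such as the routine at 00933077 above, whose inet_addr and htons calls are the standard way to fill a sockaddr_in, and whose 255.255.255.255 string is the address a caller has to special-case because inet_addr returns INADDR_NONE (0xFFFFFFFF) both for that address and for an unparsable string. The Python below is an added example, not part of the report or of Joe Sandbox: the sample text is constructed from the report's visible lines, and the assumed layout (each entry opened by an "Opcode ID" bullet, sections introduced by unbulleted headers) and the set of modules treated as network-capable are assumptions.

```python
"""Parse Joe Sandbox per-function listings (the 'Opcode ID ... Similarity'
blocks) into records and flag functions that call into Winsock/WinINet.
Added example; not Joe Sandbox code. Layout assumptions are noted inline."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Triage assumption: modules whose use marks a function as network-capable.
NETWORK_MODULES = {"WSOCK32", "WS2_32", "WININET", "WINHTTP"}

# One API bullet: optional subcall prefix, Api.MODULE, optional (args), ref: addr.
_API_RE = re.compile(
    r"^•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>[A-Za-z_][A-Za-z0-9_]*)\.(?P<mod>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)
# Generic "• Key: value" bullet (Instruction ID, API ID, String ID, ...).
_FIELD_RE = re.compile(r"^•\s*(?P<key>[A-Za-z ]+?):\s*(?P<val>.*)$")


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[str]
    ref: str                      # call-site address as printed in the report
    subcall_of: Optional[str] = None  # set for "Part of subcall function" lines


@dataclass
class FunctionEntry:
    opcode_id: str
    instruction_id: str = ""
    calls: List[ApiCall] = field(default_factory=list)
    api_id: str = ""
    string_id: str = ""


def parse_listing(text: str) -> List[FunctionEntry]:
    """Split the listing into FunctionEntry records (assumed layout: an entry
    starts at an 'Opcode ID' bullet; unbulleted lines are section headers)."""
    entries: List[FunctionEntry] = []
    cur: Optional[FunctionEntry] = None
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("• Opcode ID:"):
            cur = FunctionEntry(opcode_id=line.split(":", 1)[1].strip())
            entries.append(cur)
            section = None
            continue
        if cur is None:
            continue
        if not line.startswith("•"):
            section = line            # "APIs", "Strings", "Similarity", ...
            continue
        if section == "APIs":
            m = _API_RE.match(line)
            if m:
                raw_args = m.group("args")
                args = [a.strip() for a in raw_args.split(",")] if raw_args is not None else []
                cur.calls.append(ApiCall(m.group("api"), m.group("mod"), args,
                                         m.group("ref").upper(), m.group("sub")))
            continue
        m = _FIELD_RE.match(line)
        if m:
            key, val = m.group("key").strip(), m.group("val").strip()
            if key == "Instruction ID":
                cur.instruction_id = val
            elif key == "API ID":
                cur.api_id = val
            elif key == "String ID":
                cur.string_id = val
    return entries


def network_capable(entries: List[FunctionEntry]):
    """Return (opcode_id, sorted modules) for entries calling a NETWORK_MODULES API."""
    hits = []
    for e in entries:
        mods = sorted({c.module.upper() for c in e.calls if c.module.upper() in NETWORK_MODULES})
        if mods:
            hits.append((e.opcode_id, mods))
    return hits


# Constructed sample: two entries copied from the report's visible lines.
SAMPLE = """\
• Opcode ID: 59b0ee85e38284391c4f5b6aafc7a65f1e632b31a772b7593860ee4345bc2f0d
• Instruction ID: d0c5ccd5f82a520fe929b00175eed93a39fb5b05db139a78e7e00eb9aad4031b
APIs
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,0094CC08,00000000,?,?,?,?), ref: 009444AA
• GetWindowLongW.USER32 ref: 009444C7
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 009444D7
Strings
Similarity
• API ID: Window$Long
• String ID: SysTreeView32
• Opcode ID: 1fd16b54432a6131ab23ace55bf036807f9315badab287ee8ec2635dc0afff10
• Instruction ID: f8c86237d639f511a6e8eba310b9db938615dc9067dece7be2a1a12379d653bd
APIs
  • Part of subcall function 0093335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00933077,?,?), ref: 00933378
• inet_addr.WSOCK32(?), ref: 0093307A
• _wcslen.LIBCMT ref: 0093309B
• htons.WSOCK32(00000000), ref: 00933106
Strings
Similarity
• API ID: ByteCharMultiWide_wcslenhtonsinet_addr
• String ID: 255.255.255.255
"""

if __name__ == "__main__":
    for opcode_id, mods in network_capable(parse_listing(SAMPLE)):
        print(f"{opcode_id[:16]}... uses {', '.join(mods)}")
```

Run it against a plain-text export of the report and the hits give you the Opcode IDs to search for in the report; the `subcall_of` field keeps the subcall lines attributable to their caller rather than to the listed function.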
• Opcode ID: 0291361cc45f90973d7e07a2561eb020b6fe859029f24670276a3053858e1f26
• Instruction ID: 14beeaa95d1e6432b1f6ad645704a0aae73795780bf5609ca131277d209cc8a2
• Opcode Fuzzy Hash: 0291361cc45f90973d7e07a2561eb020b6fe859029f24670276a3053858e1f26
• Instruction Fuzzy Hash: 2631D3396042019FCB24CF69C585EAA77F4EF55318F24C059E9158F3A2DB32EE41CB61
APIs
• SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00944705
• SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00944713
• DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 0094471A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: MessageSend$DestroyWindow
• String ID: msctls_updown32
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 4014797782-2298589950
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 077e2f8930b33b8cc492932a34d1849ecb176f59575e4a162739592cb4ae8660
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: c4adaa2be1ef86157eb7c59ceba11d86aca98fdc36f85923e1474782472902bf
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 077e2f8930b33b8cc492932a34d1849ecb176f59575e4a162739592cb4ae8660
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C2218EB5604209AFDB10DF68DC81DA737ADEB9A3A4B000059FA00DB351CB31EC12DB60
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: _wcslen
                                                                                                                                                                                                                                                                                                                                                          • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 176396367-2734436370
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 30a1c7ed147a070c0ff9605e63f098e6aa349f8d2a8f3e7df9dc5225e3ba8144
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: b4d5f2b2b8ec1a27653166e51050378ee40f80f10bc413519b737c994e0ed5a1
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 30a1c7ed147a070c0ff9605e63f098e6aa349f8d2a8f3e7df9dc5225e3ba8144
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 04215B3230421566D331AB289C26FFB73DDFF92344F504426F949EB141EB65ADC1C2A6
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00943840
                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00943850
                                                                                                                                                                                                                                                                                                                                                          • MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00943876
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: MessageSend$MoveWindow
                                                                                                                                                                                                                                                                                                                                                          • String ID: Listbox
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3315199576-2633736733
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 5b1196294fa82f11766b073f2ae2ff3bcb813fdaee32910556796bc86fffb659
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 1c5aef1ed3d682ca3aaf03eed72a0327398e2d71ef73981ab7e0f88ec134b373
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5b1196294fa82f11766b073f2ae2ff3bcb813fdaee32910556796bc86fffb659
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EC21CF72610218BBEF218F65CC81FBB7B6EEF89764F10C124F9449B290C671DC5287A0
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • SetErrorMode.KERNEL32(00000001), ref: 00924A08
                                                                                                                                                                                                                                                                                                                                                          • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00924A5C
                                                                                                                                                                                                                                                                                                                                                          • SetErrorMode.KERNEL32(00000000,?,?,0094CC08), ref: 00924AD0
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: ErrorMode$InformationVolume
                                                                                                                                                                                                                                                                                                                                                          • String ID: %lu
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2507767853-685833217
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 4d0495aec3ca2615129b40e76114fe31fe07a92e640dd21da65157d1cc595f34
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 11e38268884c1547b2b37f202b12ddfc413b5c7d3e33a8a8c5c955e8c6329070
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4d0495aec3ca2615129b40e76114fe31fe07a92e640dd21da65157d1cc595f34
• Instruction Fuzzy Hash: 21316F75A00118AFDB10DF68C885EAA7BF8EF49308F1480A9F909DB352D771ED45CB61
APIs
• SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 0094424F
• SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00944264
• SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00944271
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: MessageSend
• String ID: msctls_trackbar32
• API String ID: 3850602802-1010561917
• Opcode ID: 0e367e21bc24fec6bc9189739ad4c5e59b81081f201be1941fea7a65ea334f3e
• Instruction ID: f15333f03c7008615eda7ff0ab5eb91a03aa634a0cbaac82b7e8a2814c6e1b10
• Opcode Fuzzy Hash: 0e367e21bc24fec6bc9189739ad4c5e59b81081f201be1941fea7a65ea334f3e
• Instruction Fuzzy Hash: 66112931240208BEEF205F79CC06FAB3BACEF95B54F010524FA55E20A0D6B1DC619B10
APIs
  • Part of subcall function 008B6B57: _wcslen.LIBCMT ref: 008B6B6A
  • Part of subcall function 00912DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00912DC5
  • Part of subcall function 00912DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 00912DD6
  • Part of subcall function 00912DA7: GetCurrentThreadId.KERNEL32 ref: 00912DDD
  • Part of subcall function 00912DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00912DE4
• GetFocus.USER32 ref: 00912F78
  • Part of subcall function 00912DEE: GetParent.USER32(00000000), ref: 00912DF9
• GetClassNameW.USER32(?,?,00000100), ref: 00912FC3
• EnumChildWindows.USER32(?,0091303B), ref: 00912FEB
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
• String ID: %s%d
• API String ID: 1272988791-1110647743
• Opcode ID: 52769450176ba1578ab2b35e2193f83de53bf272ba8a587ded189affe83338ed
• Instruction ID: 65dc084bd56938e2a5e760852d016ec2798427be0b9fb5fd1b5b0560a778d19f
• Opcode Fuzzy Hash: 52769450176ba1578ab2b35e2193f83de53bf272ba8a587ded189affe83338ed
• Instruction Fuzzy Hash: 7411C0B5300209ABDF447F64DC95FED37BAAF88318F048075B909AB292DE3099858B70
APIs
• GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 009458C1
• SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 009458EE
• DrawMenuBar.USER32(?), ref: 009458FD
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: Menu$InfoItem$Draw
• String ID: 0
• API String ID: 3227129158-4108050209
• Opcode ID: aec924b938ad54d1822bfd08f566167da855cc62e5bfa8745c766e81b5144607
• Instruction ID: d2c95acd0ee581c3497b486c37f480f1d913df859bef297e7a81f7924235b01c
• Opcode Fuzzy Hash: aec924b938ad54d1822bfd08f566167da855cc62e5bfa8745c766e81b5144607
• Instruction Fuzzy Hash: FC01C031514208EFDB609F51DC44FAEBBB9FF45760F008099F849DA162DB308A80EF21
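The per-function records on this page (API call list, string, memory-dump source, Similarity identifiers) are easier to triage in bulk than by scrolling. The parser below is an added example and not part of the Joe Sandbox report: the record layout is inferred from the visible lines, the sample text is copied (and trimmed) from the three records above, and the trackbar message names come from commctrl.h. The "cross-thread input" flag it raises for AttachThreadInput followed by GetFocus is consistent with AutoIt's own ControlGetFocus building a ClassNameNN name via the "%s%d" string, so treat the flag as a pointer to records worth reading, not as a verdict on the sample.

```python
"""Parse Joe Sandbox function records into structured objects and summarise them.
Added example, not part of the Joe Sandbox report; layout inferred from the records above."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample: three records copied (and trimmed) from the report above.
SAMPLE = """\
APIs
• SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 0094424F
• SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00944264
• SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00944271
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Similarity
• API ID: MessageSend
• String ID: msctls_trackbar32
• Opcode ID: 0e367e21bc24fec6bc9189739ad4c5e59b81081f201be1941fea7a65ea334f3e
APIs
  • Part of subcall function 008B6B57: _wcslen.LIBCMT ref: 008B6B6A
  • Part of subcall function 00912DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00912DE4
• GetFocus.USER32 ref: 00912F78
• GetClassNameW.USER32(?,?,00000100), ref: 00912FC3
• EnumChildWindows.USER32(?,0091303B), ref: 00912FEB
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
Similarity
• API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
• String ID: %s%d
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
Similarity
• API ID:
• String ID:
• Opcode ID: 495793d657038de7ed5a7d02e929be53054f6a6d1809c96f5390495dcdfdc3c3
"""

# "• Name.MODULE(args), ref: ADDR", optionally prefixed by "Part of subcall function ADDR:"
API_RE = re.compile(
    r"^•\s*(?:Part of subcall function ([0-9A-Fa-f]+):\s*)?"
    r"([A-Za-z_]\w*)\.(\w+)(?:\((.*?)\))?,?\s*ref:\s*([0-9A-Fa-f]+)$")
# "• Key: value" metadata lines; "• API ID:" with an empty value is valid
FIELD_RE = re.compile(r"^•\s*([A-Za-z ]+?):\s*(.*)$")
LINK_RESIDUE = "Download File"  # link text fused onto 'Associated' values in the HTML export


@dataclass(frozen=True)
class ApiCall:
    name: str
    module: str
    args: Tuple[str, ...]
    ref: str
    subcall: Optional[str]  # callee address when listed as "Part of subcall function"


@dataclass
class FunctionRecord:
    apis: List[ApiCall] = field(default_factory=list)
    fields: Dict[str, str] = field(default_factory=dict)


def parse_records(text: str) -> List[FunctionRecord]:
    records: List[FunctionRecord] = []
    cur: Optional[FunctionRecord] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # A record starts at "APIs"; a record without API calls has no "APIs" header,
        # so "Memory Dump Source" following an already-sourced record also starts one.
        starts_new = line == "APIs" or (
            line == "Memory Dump Source" and cur is not None and "Source File" in cur.fields)
        if starts_new or cur is None:
            cur = FunctionRecord()
            records.append(cur)
            if starts_new:
                continue
        m = API_RE.match(line)
        if m:
            sub, name, module, args, ref = m.groups()
            cur.apis.append(ApiCall(name, module, tuple(args.split(",")) if args else (), ref, sub))
            continue
        m = FIELD_RE.match(line)
        if m:
            value = m.group(2).strip()
            if value.endswith(LINK_RESIDUE):
                value = value[: -len(LINK_RESIDUE)].strip()
            cur.fields[m.group(1).strip()] = value
    return records


WM_USER = 0x400
TRACKBAR_MSGS = {5: "TBM_SETPOS", 6: "TBM_SETRANGE", 20: "TBM_SETTICFREQ"}  # commctrl.h


def decode_trackbar_msg(msg: int) -> str:
    """Name a msctls_trackbar32 message (WM_USER + n); unknown ones stay numeric."""
    if msg < WM_USER:
        return f"0x{msg:04X}"
    return TRACKBAR_MSGS.get(msg - WM_USER, f"WM_USER+{msg - WM_USER}")


def uses_cross_thread_input(rec: FunctionRecord) -> bool:
    """AttachThreadInput plus GetFocus (subcalls included): the sequence used to read
    the focused control of a window owned by another thread."""
    return {"AttachThreadInput", "GetFocus"} <= {a.name for a in rec.apis}


def summarise(rec: FunctionRecord) -> dict:
    out = {
        "api_id": rec.fields.get("API ID", ""),
        "string_id": rec.fields.get("String ID", ""),
        "calls": [a.name for a in rec.apis],
        "cross_thread_input": uses_cross_thread_input(rec),
    }
    if out["string_id"] == "msctls_trackbar32":  # only then is wParam a TBM_* message
        out["messages"] = [decode_trackbar_msg(int(a.args[1], 16)) for a in rec.apis
                           if a.name == "SendMessageW" and len(a.args) > 1
                           and re.fullmatch(r"[0-9A-Fa-f]+", a.args[1])]
    return out


if __name__ == "__main__":
    for rec in parse_records(SAMPLE):
        print(summarise(rec))
```

Run it on a whole report by replacing SAMPLE with the saved text; records with an empty API ID (like the third one in the sample) parse cleanly and simply carry no calls.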
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
APIs
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Similarity
• API ID: Variant$ClearInitInitializeUninitialize
• String ID:
• API String ID: 1998397398-0
APIs
• ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,0094FC08,?), ref: 009105F0
• CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,0094FC08,?), ref: 00910608
• CLSIDFromProgID.OLE32(?,?,00000000,0094CC40,000000FF,?,00000000,00000800,00000000,?,0094FC08,?), ref: 0091062D
• _memcmp.LIBVCRUNTIME ref: 0091064E
Similarity
• API ID: FromProg$FreeTask_memcmp
• String ID:
• API String ID: 314563124-0
APIs
• CreateToolhelp32Snapshot.KERNEL32 ref: 0093A6AC
• Process32FirstW.KERNEL32(00000000,?), ref: 0093A6BA
  • Part of subcall function 008B9CB3: _wcslen.LIBCMT ref: 008B9CBD
• Process32NextW.KERNEL32(00000000,?), ref: 0093A79C
• CloseHandle.KERNEL32(00000000), ref: 0093A7AB
  • Part of subcall function 008CCE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,008F3303,?), ref: 008CCE8A
Similarity
• API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
• String ID:
• API String ID: 1991900642-0
APIs
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: _free
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 269201875-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 69392dad128ef5b666a1e8f45af979641aa1d96c8c53030f65363822761e9a32
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: a7fd62943f421f0618fda4247629c49bb4c752c1edcee254500b92f61ae5f8fb
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 69392dad128ef5b666a1e8f45af979641aa1d96c8c53030f65363822761e9a32
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DD414D3160010CEBDF217BBD9C49ABE3BA5FF96334F244226FA19D2292E67448415277
APIs
• GetWindowRect.USER32(?,?), ref: 009462E2
• ScreenToClient.USER32(?,?), ref: 00946315
• MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00946382
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: Window$ClientMoveRectScreen
• String ID:
• API String ID: 3880355969-0
• Opcode ID: 5b7207b7b6ebb6007adc4f4d4af8ab17159a9dd37778de3b9ec68f3fec438eed
• Instruction ID: 7198328c4e777781967b27ccc36bb2ba0535d63ab8489810b061a521fddd8e32
• Opcode Fuzzy Hash: 5b7207b7b6ebb6007adc4f4d4af8ab17159a9dd37778de3b9ec68f3fec438eed
• Instruction Fuzzy Hash: 71512CB4A00249AFCF14DF58D880EAE7BB9FB46364F108259F865972A0D731ED41DB51
APIs
• socket.WSOCK32(00000002,00000002,00000011), ref: 00931AFD
• WSAGetLastError.WSOCK32 ref: 00931B0B
• #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00931B8A
• WSAGetLastError.WSOCK32 ref: 00931B94
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: ErrorLast$socket
• String ID:
• API String ID: 1881357543-0
• Opcode ID: c39a86cda8d9714a95fd50b69e74b39bf4a4c78065f8e1ea98e0c949bf5da928
• Instruction ID: f766a9a1fe8f63b4ee0f7bbfc7a8f74c25b6b37754fc2064acf60b68fc4b99d7
• Opcode Fuzzy Hash: c39a86cda8d9714a95fd50b69e74b39bf4a4c78065f8e1ea98e0c949bf5da928
• Instruction Fuzzy Hash: 1941A178600200AFE720AF28C886F6A77E5EB44718F54849CF91A9F7D2D776ED41CB91
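The API records above are printed with raw hexadecimal arguments and, for an import the sandbox could not name, only the export ordinal (`#21.WSOCK32`). The following is an added example, not part of the Joe Sandbox report, that parses records in this listing's format and resolves the Winsock constants: `socket(2, 2, 0x11)` is `AF_INET, SOCK_DGRAM, IPPROTO_UDP`, and wsock32.dll ordinal 21 is `setsockopt`, called here with level `0xFFFF` (`SOL_SOCKET`) and option `0x20` (`SO_BROADCAST`), i.e. a UDP socket with broadcast enabled. The three sample records are copied from this entry; the ordinal and constant tables are standard Winsock values and cover only the common cases, and `?` arguments are passed through unresolved.

```python
"""Decode API call records from a Joe Sandbox IDA-plugin listing.

Added example, not code from the Joe Sandbox report.  The constant
tables below are standard wsock32/ws2_32 values (partial); anything
not in them is printed as a hex literal.
"""
import re

# wsock32.dll exports the classic BSD-style calls by ordinal; the sandbox
# prints an import it could not name as "#<ordinal>".  Partial table.
WSOCK32_ORDINALS = {
    1: "accept", 2: "bind", 3: "closesocket", 4: "connect",
    10: "ioctlsocket", 13: "listen", 16: "recv", 17: "recvfrom",
    18: "select", 19: "send", 20: "sendto", 21: "setsockopt",
    22: "shutdown", 23: "socket",
}

AF = {2: "AF_INET", 23: "AF_INET6"}
SOCK = {1: "SOCK_STREAM", 2: "SOCK_DGRAM", 3: "SOCK_RAW"}
IPPROTO = {0: "IPPROTO_IP", 6: "IPPROTO_TCP", 17: "IPPROTO_UDP"}
SOL = {0xFFFF: "SOL_SOCKET", 0: "IPPROTO_IP", 6: "IPPROTO_TCP", 17: "IPPROTO_UDP"}
# Option names are only meaningful for level SOL_SOCKET.
SO = {0x0004: "SO_REUSEADDR", 0x0008: "SO_KEEPALIVE",
      0x0020: "SO_BROADCAST", 0x0080: "SO_LINGER"}

# "name.MODULE(args), ref: ADDR" or "name.MODULE ref: ADDR" (no argument list)
RECORD = re.compile(
    r"^(?P<name>[#\w]+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$"
)

# Sample input copied from this report entry (three of its four records).
SAMPLE_RECORDS = [
    "• socket.WSOCK32(00000002,00000002,00000011), ref: 00931AFD",
    "• WSAGetLastError.WSOCK32 ref: 00931B0B",
    "• #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00931B8A",
]


def parse_record(line):
    """Return (function, module, [args], ref) for one bullet line.

    An ordinal import ("#21") in WSOCK32 is resolved to its export name.
    """
    text = line.strip().lstrip("•").strip()
    m = RECORD.match(text)
    if not m:
        raise ValueError(f"not an API record: {line!r}")
    name, module, args, ref = m.group("name", "module", "args", "ref")
    if name.startswith("#") and module.upper() == "WSOCK32":
        name = WSOCK32_ORDINALS.get(int(name[1:]), name)
    argv = [a.strip() for a in args.split(",")] if args else []
    return name, module, argv, ref


def _num(tok):
    """Hex argument -> int; '?' (unresolved by the sandbox) -> None."""
    return None if tok == "?" else int(tok, 16)


def _sym(table, tok):
    v = _num(tok)
    return tok if v is None else table.get(v, f"0x{v:X}")


def describe(line):
    """Render one record with symbolic Winsock constants where known."""
    name, module, argv, ref = parse_record(line)
    if name == "socket" and len(argv) == 3:
        detail = f"{_sym(AF, argv[0])}, {_sym(SOCK, argv[1])}, {_sym(IPPROTO, argv[2])}"
    elif name == "setsockopt" and len(argv) == 5:
        level = _num(argv[1])
        optname = _sym(SO, argv[2]) if level == 0xFFFF else argv[2]
        detail = (f"{argv[0]}, {_sym(SOL, argv[1])}, {optname}, "
                  f"optval={argv[3]}, optlen={_num(argv[4])}")
    else:
        detail = ", ".join(argv)
    return f"{ref}: {name}({detail})"


def decode_all(lines=SAMPLE_RECORDS):
    return [describe(line) for line in lines]


if __name__ == "__main__":
    for rendered in decode_all():
        print(rendered)
```

Running the block on the sample records yields `socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)` followed by `setsockopt(?, SOL_SOCKET, SO_BROADCAST, optval=00000002, optlen=4)`; the first argument of `setsockopt` stays `?` because the sandbox did not resolve the socket handle.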
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 4b1c7a49ee6a9648d10fb7f17ac69066ef6375029c4dca48a622c919cebbeef2
• Instruction ID: 23310d327628a1e55f91d8d71a1a14ead78183eaefd8f8daf60f180598ed4d00
• Opcode Fuzzy Hash: 4b1c7a49ee6a9648d10fb7f17ac69066ef6375029c4dca48a622c919cebbeef2
• Instruction Fuzzy Hash: E041E4B1A00388AFD7249F7DCC41B6BBBA9FB89714F10462AF552DB2C2D771A9018781
APIs
• CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00925783
• GetLastError.KERNEL32(?,00000000), ref: 009257A9
• DeleteFileW.KERNEL32(00000002,?,00000000), ref: 009257CE
• CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 009257FA
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: CreateHardLink$DeleteErrorFileLast
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3321077145-0
APIs
• MultiByteToWideChar.KERNEL32(?,00000000,8BE85006,008D6D71,00000000,00000000,008D82D9,?,008D82D9,?,00000001,008D6D71,8BE85006,00000001,008D82D9,008D82D9), ref: 008ED910
• MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 008ED999
• GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 008ED9AB
• __freea.LIBCMT ref: 008ED9B4
  • Part of subcall function 008E3820: RtlAllocateHeap.NTDLL(00000000,?,00981444,?,008CFDF5,?,?,008BA976,00000010,00981440,008B13FC,?,008B13C6,?,008B1129), ref: 008E3852
Memory Dump Source / Snapshot File: as for the function above
Similarity
• API ID: ByteCharMultiWide$AllocateHeapStringType__freea
• String ID:
• API String ID: 2652629310-0
APIs
• SendMessageW.USER32(?,00001024,00000000,?), ref: 00945352
• GetWindowLongW.USER32(?,000000F0), ref: 00945375
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 00945382
• InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 009453A8
Memory Dump Source / Snapshot File: as for the function above
Similarity
• API ID: LongWindow$InvalidateMessageRectSend
• String ID:
• API String ID: 3340791633-0
APIs
• GetKeyboardState.USER32(?,75A4C0D0,?,00008000), ref: 0091ABF1
• SetKeyboardState.USER32(00000080,?,00008000), ref: 0091AC0D
• PostMessageW.USER32(00000000,00000101,00000000), ref: 0091AC74
• SendInput.USER32(00000001,?,0000001C,75A4C0D0,?,00008000), ref: 0091ACC6
Memory Dump Source / Snapshot File: as for the function above
Similarity
• API ID: KeyboardState$InputMessagePostSend
• String ID:
• API String ID: 432972143-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 4239209029af6c4f4f6e7941b5dd0eb07c87c32b58b0d4943a9f99563cacd6ba
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 9e703c83e116dc5e13fac559c290d4dfbe4494e0230841f67e83f474f4c491ca
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4239209029af6c4f4f6e7941b5dd0eb07c87c32b58b0d4943a9f99563cacd6ba
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A4311270B0631CAFEB35CB658804BFA7AAAAB89310F04461AE4D5922D1D3798DC597D2
APIs
• ClientToScreen.USER32(?,?), ref: 0094769A
• GetWindowRect.USER32(?,?), ref: 00947710
• PtInRect.USER32(?,?,00948B89), ref: 00947720
• MessageBeep.USER32(00000000), ref: 0094778C
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: Rect$BeepClientMessageScreenWindow
• String ID:
• API String ID: 1352109105-0
• Opcode ID: 50e1d549433de5c92298b697f7107a09e50469a2f0bd41d604bcac1f22340c77
• Instruction ID: 48e0d2fa1c59b123514f03658d8c1ecb45b059c45a9c472ba0b2c2a36f4d034f
• Opcode Fuzzy Hash: 50e1d549433de5c92298b697f7107a09e50469a2f0bd41d604bcac1f22340c77
• Instruction Fuzzy Hash: F141AC38A09219DFCB15CF98D894EA9B7F9FF49314F5580A8E8149B361C731E942DF90
APIs
• GetForegroundWindow.USER32 ref: 009416EB
  • Part of subcall function 00913A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00913A57
  • Part of subcall function 00913A3D: GetCurrentThreadId.KERNEL32 ref: 00913A5E
  • Part of subcall function 00913A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,009125B3), ref: 00913A65
• GetCaretPos.USER32(?), ref: 009416FF
• ClientToScreen.USER32(00000000,?), ref: 0094174C
• GetForegroundWindow.USER32 ref: 00941752
Similarity
• API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
• String ID:
• API String ID: 2759813231-0
• Opcode ID: 52fa16e6954d468ac0490ad04e049f7ded7b0dd496b112671ce95694c9968817
• Instruction ID: 24a37f5f1e200f9c4a9a62bb60cfa8837887f079c45426f26e7ceb78d643d066
• Opcode Fuzzy Hash: 52fa16e6954d468ac0490ad04e049f7ded7b0dd496b112671ce95694c9968817
• Instruction Fuzzy Hash: 44311075E00149AFC700EFA9C881DEEB7F9FF89304B5480A9E415E7311D6359E45CBA1
APIs
  • Part of subcall function 008C9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 008C9BB2
• GetCursorPos.USER32(?), ref: 00949001
• TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00907711,?,?,?,?,?), ref: 00949016
• GetCursorPos.USER32(?), ref: 0094905E
• DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00907711,?,?,?), ref: 00949094
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2864067406-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 34b1dc55e338edd205c2be132339c6be23f1f56b3365b60468d88b82d7f8ac61
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 45ec63fcded20c67f27235f316dfc2473eedcbc3c2e2e4fee4e779142197554c
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 34b1dc55e338edd205c2be132339c6be23f1f56b3365b60468d88b82d7f8ac61
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 22219F35611018EFDB25CF94C859EEB7BB9FB4A360F044059F90587261C7369D91EB60
APIs
• GetFileAttributesW.KERNEL32(?,0094CB68), ref: 0091D2FB
• GetLastError.KERNEL32 ref: 0091D30A
• CreateDirectoryW.KERNEL32(?,00000000), ref: 0091D319
• CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,0094CB68), ref: 0091D376
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: CreateDirectory$AttributesErrorFileLast
• String ID:
• API String ID: 2267087916-0
APIs
  • Part of subcall function 00911014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 0091102A
  • Part of subcall function 00911014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00911036
  • Part of subcall function 00911014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00911045
  • Part of subcall function 00911014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 0091104C
  • Part of subcall function 00911014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00911062
• LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 009115BE
• _memcmp.LIBVCRUNTIME ref: 009115E1
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00911617
• HeapFree.KERNEL32(00000000), ref: 0091161E
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
• String ID:
• API String ID: 1592001646-0
APIs
• GetWindowLongW.USER32(?,000000EC), ref: 0094280A
• SetWindowLongW.USER32(?,000000EC,00000000), ref: 00942824
• SetWindowLongW.USER32(?,000000EC,00000000), ref: 00942832
• SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00942840
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: Window$Long$AttributesLayered
• String ID:
• API String ID: 2169480361-0
APIs
  • Part of subcall function 00918D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,0091790A,?,000000FF,?,00918754,00000000,?,0000001C,?,?), ref: 00918D8C
  • Part of subcall function 00918D7D: lstrcpyW.KERNEL32(00000000,?,?,0091790A,?,000000FF,?,00918754,00000000,?,0000001C,?,?,00000000), ref: 00918DB2
  • Part of subcall function 00918D7D: lstrcmpiW.KERNEL32(00000000,?,0091790A,?,000000FF,?,00918754,00000000,?,0000001C,?,?), ref: 00918DE3
• lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,00918754,00000000,?,0000001C,?,?,00000000), ref: 00917923
• lstrcpyW.KERNEL32(00000000,?,?,00918754,00000000,?,0000001C,?,?,00000000), ref: 00917949
• lstrcmpiW.KERNEL32(00000002,cdecl,?,00918754,00000000,?,0000001C,?,?,00000000), ref: 00917984
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: lstrcmpilstrcpylstrlen
                                                                                                                                                                                                                                                                                                                                                          • String ID: cdecl
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 4031866154-3896280584
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 30c3f15ed744f6f67eb8d4ef573b72e26a08e3146eacf0e14f916d54e73ce522
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: fa09c5fcda2f919ac15847211f43b75bf87ff1f1b3b8ae5bd4387d03aea575a9
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 30c3f15ed744f6f67eb8d4ef573b72e26a08e3146eacf0e14f916d54e73ce522
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5E11E43E304306AFDB159F78D844EBAB7B9FF85390B50402AF906CB2A4EB319841D791
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000F0), ref: 00947D0B
                                                                                                                                                                                                                                                                                                                                                          • SetWindowLongW.USER32(00000000,000000F0,?), ref: 00947D2A
                                                                                                                                                                                                                                                                                                                                                          • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00947D42
                                                                                                                                                                                                                                                                                                                                                          • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,0092B7AD,00000000), ref: 00947D6B
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008C9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 008C9BB2
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Window$Long
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 847901565-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: eac161bffc4b53d8bfe8ab8f5b9ea0c472293561a4f547d3addfff6b1b800617
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 3dead36a263796945a2b101ae0fb7d609f0f5a42ad9d70ee279c4fff738c8f58
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: eac161bffc4b53d8bfe8ab8f5b9ea0c472293561a4f547d3addfff6b1b800617
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4E11D231629619AFCB109FA8DC04E6A7BA9BF46360B118724F839C72F0D7318D51DB50
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001060,?,00000004), ref: 009456BB
                                                                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 009456CD
                                                                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 009456D8
                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001002,00000000,?), ref: 00945816
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: MessageSend_wcslen
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 455545452-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: bd06768ce285b0e87bd296a997664095c46cf9e196f68f6ad2a7f378b2845972
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 3a07c486c10ab9f650687d84b65786d43fc065fadd11793dc0a482694fd05c78
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bd06768ce285b0e87bd296a997664095c46cf9e196f68f6ad2a7f378b2845972
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 19110375604608A7DB209FE6CC81EEE77ACFF11360F514526F905D6192EB74CA80CB60
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 44ce54c9cd39ea18c515c1ceedff3d7619ecc64381378838974b4f7b2b06c88a
• Instruction ID: 3e64c1e9ac72eeb1dd4517951502192b89ec24b2a2baf065fee6be5df1e257e6
• Opcode Fuzzy Hash: 44ce54c9cd39ea18c515c1ceedff3d7619ecc64381378838974b4f7b2b06c88a
• Instruction Fuzzy Hash: 0F01A2B230969A3EFA51267A6CC5F27661CFF833B8B311325F921D11D2DB718C005160
APIs
• SendMessageW.USER32(?,000000B0,?,?), ref: 00911A47
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 00911A59
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 00911A6F
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 00911A8A
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: MessageSend
• String ID:
• API String ID: 3850602802-0
• Opcode ID: 31c7f573ed8ba935135be9d7f6155b11086a249378c18e09676db3c1bf855bdc
• Instruction ID: 25967ab0282991d27e6f001495c1663cdcd684e9abae99f7bb48043878838fc2
• Opcode Fuzzy Hash: 31c7f573ed8ba935135be9d7f6155b11086a249378c18e09676db3c1bf855bdc
• Instruction Fuzzy Hash: F811F77AA01219FFEF119BA5C985FEDBB78EF08750F200091EA04B7290D6716E50DB94
APIs
• GetCurrentThreadId.KERNEL32 ref: 0091E1FD
• MessageBoxW.USER32(?,?,?,?), ref: 0091E230
• WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 0091E246
• CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0091E24D
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: CloseCurrentHandleMessageObjectSingleThreadWait
• String ID:
• API String ID: 2880819207-0
• Opcode ID: a7d28456f315ce88b0f28213a5e92a8499252ba6fcc68989a1258679bba9e048
• Instruction ID: db69d0af74fccb81ccd5ae1c9422bf1e3cf917ad92bf9bf8a9cc40695cef64fe
• Opcode Fuzzy Hash: a7d28456f315ce88b0f28213a5e92a8499252ba6fcc68989a1258679bba9e048
• Instruction Fuzzy Hash: 861104B6A18258BFC7019FA8DC09EDE7FACAB46320F004616FC24E3391D2B0890097A0
APIs
• CreateThread.KERNEL32(00000000,?,008DCFF9,00000000,00000004,00000000), ref: 008DD218
• GetLastError.KERNEL32 ref: 008DD224
• __dosmaperr.LIBCMT ref: 008DD22B
• ResumeThread.KERNEL32(00000000), ref: 008DD249
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: Thread$CreateErrorLastResume__dosmaperr
• String ID:
• API String ID: 173952441-0
• Opcode ID: b835a43a8353d7ad53f85034fdc50afb41f7c342905ecc90d9aedfc8f8e1a54a
• Instruction ID: e422de98d58ee076357399e45d32dd7bb7464411f391c61843a422576e40378f
• Opcode Fuzzy Hash: b835a43a8353d7ad53f85034fdc50afb41f7c342905ecc90d9aedfc8f8e1a54a
• Instruction Fuzzy Hash: 4A01C076809208BBCB115BA9DC09BAE7B6DFF82330F10431AF925D22D1CF719901D6A1
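The listings above print every API argument as raw hex, so the analyst has to resolve the constants by hand to see that the SendMessageW calls are edit-control queries (0xB0 is EM_GETSEL, 0xC9 is EM_LINEFROMCHAR) and that CreateThread is invoked with CREATE_SUSPENDED (0x4) and then resumed. The Python below is an added triage helper, not part of the Joe Sandbox report or its IDA plugin: it parses "APIs" / "Similarity" blocks of this shape into one record per function and decodes the argument positions whose meaning is fixed by the documented Win32 signatures (SendMessageW's Msg, CreateThread's dwCreationFlags, GetStockObject's fnObject). The constant table is an illustrative subset of winuser.h / winbase.h values, and the sample input is constructed from the three listings above.

```python
"""Parse Joe Sandbox 'APIs' / 'Similarity' listings into per-function records
and decode the raw Win32 constants printed as hex arguments.
Added example; not part of the Joe Sandbox report or its tooling."""
import re

# Illustrative subset of standard Win32 constants (not exhaustive).
WINDOW_MESSAGES = {0x0030: "WM_SETFONT", 0x00B0: "EM_GETSEL", 0x00C9: "EM_LINEFROMCHAR"}
THREAD_FLAGS = {0x00000004: "CREATE_SUSPENDED"}
STOCK_OBJECTS = {0x11: "DEFAULT_GUI_FONT"}

# One API reference line as the report prints it, e.g.
#   • SendMessageW.USER32(?,000000B0,?,?), ref: 00911A47
#   • GetCurrentThreadId.KERNEL32 ref: 0091E1FD
API_LINE = re.compile(
    r"^•\s*(?P<name>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})$"
)

# Constructed sample, copied from the listings above.
SAMPLE = """\
APIs
• SendMessageW.USER32(?,000000B0,?,?), ref: 00911A47
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 00911A59
Similarity
• API ID: MessageSend
• Instruction ID: 25967ab0282991d27e6f001495c1663cdcd684e9abae99f7bb48043878838fc2
APIs
• GetCurrentThreadId.KERNEL32 ref: 0091E1FD
• MessageBoxW.USER32(?,?,?,?), ref: 0091E230
• WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 0091E246
• CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0091E24D
Similarity
• API ID: CloseCurrentHandleMessageObjectSingleThreadWait
APIs
• CreateThread.KERNEL32(00000000,?,008DCFF9,00000000,00000004,00000000), ref: 008DD218
• GetLastError.KERNEL32 ref: 008DD224
• __dosmaperr.LIBCMT ref: 008DD22B
• ResumeThread.KERNEL32(00000000), ref: 008DD249
Similarity
• API ID: Thread$CreateErrorLastResume__dosmaperr
"""


def _arg(args, index):
    """args[index] as int, or None when absent or unresolved ('?')."""
    if index >= len(args):
        return None
    try:
        return int(args[index], 16)
    except ValueError:
        return None


def parse_functions(text):
    """Each 'APIs' header opens a function record; the 'Similarity' block that
    follows it in the report carries that function's API ID and fuzzy hashes."""
    functions, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            current = {"apis": [], "api_id": None, "instruction_id": None}
            functions.append(current)
            continue
        if current is None:
            continue
        m = API_LINE.match(line)
        if m:
            args = [a.strip() for a in m.group("args").split(",")] if m.group("args") else []
            current["apis"].append({"name": m.group("name"), "module": m.group("module"),
                                    "args": args, "ref": int(m.group("ref"), 16)})
        elif line.startswith("• API ID:"):
            current["api_id"] = line.split(":", 1)[1].strip() or None
        elif line.startswith("• Instruction ID:"):
            current["instruction_id"] = line.split(":", 1)[1].strip()
    return functions


def decode_calls(func):
    """Resolve fixed-meaning argument positions and flag a suspended-thread pattern."""
    notes, suspended = [], False
    names = {c["name"] for c in func["apis"]}
    for call in func["apis"]:
        n, args, ref = call["name"], call["args"], f"{call['ref']:08X}"
        if n == "SendMessageW" and (msg := _arg(args, 1)) is not None:   # Msg is arg 2
            notes.append(f"{n}@{ref}: {WINDOW_MESSAGES.get(msg, f'msg 0x{msg:04X}')}")
        elif n == "CreateThread" and (flags := _arg(args, 4)) is not None:  # dwCreationFlags
            notes.append(f"{n}@{ref}: flags {THREAD_FLAGS.get(flags, hex(flags))}")
            suspended |= bool(flags & 0x4)
        elif n == "GetStockObject" and (obj := _arg(args, 0)) is not None:  # fnObject
            notes.append(f"{n}@{ref}: {STOCK_OBJECTS.get(obj, hex(obj))}")
    if suspended and "ResumeThread" in names:
        notes.append("CreateThread(CREATE_SUSPENDED) paired with ResumeThread in the same function")
    return notes


if __name__ == "__main__":
    for i, f in enumerate(parse_functions(SAMPLE)):
        print(i, f["api_id"], decode_calls(f))
```

The grouping rule (the Similarity block after an APIs block belongs to the same function) is what the report layout above shows; if a function lists no APIs, its API ID is empty, as in the first block of this section.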
APIs
• CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 008B604C
• GetStockObject.GDI32(00000011), ref: 008B6060
• SendMessageW.USER32(00000000,00000030,00000000), ref: 008B606A
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: CreateMessageObjectSendStockWindow
• String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3970641297-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: e2bda89ba9eda9fe54a86a0397bb0eaafa8e4ee9f386c428062fb53a4626fd9f
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 9517c37cc2136e306f6324bbb97f790e4c5416948e2eafcabc76d8e5baa5e37a
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e2bda89ba9eda9fe54a86a0397bb0eaafa8e4ee9f386c428062fb53a4626fd9f
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0F1161B2506909BFEF125FA59C44EFA7F69FF19364F040115FA14A2220E7369C61EB90
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • ___BuildCatchObject.LIBVCRUNTIME ref: 008D3B56
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008D3AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 008D3AD2
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008D3AA3: ___AdjustPointer.LIBCMT ref: 008D3AED
                                                                                                                                                                                                                                                                                                                                                          • _UnwindNestedFrames.LIBCMT ref: 008D3B6B
                                                                                                                                                                                                                                                                                                                                                          • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 008D3B7C
                                                                                                                                                                                                                                                                                                                                                          • CallCatchBlock.LIBVCRUNTIME ref: 008D3BA4
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 737400349-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: c51b219c4bef0fd852236e450d243397c31aa87719fdd8458de87d7dd4792609
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2E01ED32100149BBDF115F99CC46DEB7B69FF58794F04411AFE4896221C732D961DBA2
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,008B13C6,00000000,00000000,?,008E301A,008B13C6,00000000,00000000,00000000,?,008E328B,00000006,FlsSetValue), ref: 008E30A5
                                                                                                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,008E301A,008B13C6,00000000,00000000,00000000,?,008E328B,00000006,FlsSetValue,00952290,FlsSetValue,00000000,00000364,?,008E2E46), ref: 008E30B1
                                                                                                                                                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,008E301A,008B13C6,00000000,00000000,00000000,?,008E328B,00000006,FlsSetValue,00952290,FlsSetValue,00000000), ref: 008E30BF
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3177248105-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: ced16ff2b4b6cc48843a308057abdc0564a39c04d6491912e5ecf8bca105c399
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 39cd40e85372695dd488557509fa1a56c9bff92e827977e27fb5a09272af063c
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ced16ff2b4b6cc48843a308057abdc0564a39c04d6491912e5ecf8bca105c399
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E601F77631AA66ABCB318B7B9C48E677B98FF47B61B200620F915E3140D721DD01C6E0
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 0091747F
                                                                                                                                                                                                                                                                                                                                                          • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00917497
                                                                                                                                                                                                                                                                                                                                                          • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 009174AC
                                                                                                                                                                                                                                                                                                                                                          • RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 009174CA
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Type$Register$FileLoadModuleNameUser
• String ID:
• API String ID: 1352324309-0
• Opcode ID: 3cef02414e2899d2f141adf585e7cf51338f9674947a47185f34a7978f676744
• Instruction ID: 2eca5f48901e1e7a721bd448c62c976945b403723226ca0faddb0811f663fc68
• Opcode Fuzzy Hash: 3cef02414e2899d2f141adf585e7cf51338f9674947a47185f34a7978f676744
• Instruction Fuzzy Hash: 5F11A1B530A31A9FF7208F94DD08FD2BBFDEB00B00F108969A656D61A1D774E984DB50
APIs
• QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0091ACD3,?,00008000), ref: 0091B0C4
• Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0091ACD3,?,00008000), ref: 0091B0E9
• QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0091ACD3,?,00008000), ref: 0091B0F3
• Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0091ACD3,?,00008000), ref: 0091B126
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: CounterPerformanceQuerySleep
• String ID:
• API String ID: 2875609808-0
• Opcode ID: 2b63ea5824139e9c15e06c76b43c992ea9373f4ced1f06ab0812ff0e3cfb6ad8
• Instruction ID: 7b8464a4b6089d3c69605489610f39192fe6e67bc2caa70b6ce9f72e1182abf2
• Opcode Fuzzy Hash: 2b63ea5824139e9c15e06c76b43c992ea9373f4ced1f06ab0812ff0e3cfb6ad8
• Instruction Fuzzy Hash: E011A171E0951CEBCF009FE4D958AEEBB78FF0E310F114485D941B2145CB3455909B51
APIs
• SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00912DC5
• GetWindowThreadProcessId.USER32(?,00000000), ref: 00912DD6
• GetCurrentThreadId.KERNEL32 ref: 00912DDD
• AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00912DE4
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
• String ID:
• API String ID: 2710830443-0
• Opcode ID: 63a36b1bd5431498c1f064869d2d753a424bad0f29c77baecc2fe0166c85a2fe
• Instruction ID: e63747bac3f2bc303129d4fd83ca87b3ba4bca07efcdcb872932e1e1b4bcb812
• Opcode Fuzzy Hash: 63a36b1bd5431498c1f064869d2d753a424bad0f29c77baecc2fe0166c85a2fe
• Instruction Fuzzy Hash: 71E092B921A2287FD7202BB2EC0DFEB3E6CEF47BA1F014015F105D10C09AA4C880D6B0
APIs
  • Part of subcall function 008C9639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 008C9693
  • Part of subcall function 008C9639: SelectObject.GDI32(?,00000000), ref: 008C96A2
  • Part of subcall function 008C9639: BeginPath.GDI32(?), ref: 008C96B9
  • Part of subcall function 008C9639: SelectObject.GDI32(?,00000000), ref: 008C96E2
• MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00948887
• LineTo.GDI32(?,?,?), ref: 00948894
• EndPath.GDI32(?), ref: 009488A4
• StrokePath.GDI32(?), ref: 009488B2
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
• String ID:
• API String ID: 1539411459-0
• Opcode ID: d8cc21e54dc6554014df1738c7ee884c1220484e106928ceeab7a7355ebf65ce
• Instruction ID: 7fa525fc9d99a963c499ed0f95e85021fd172dfc776a7c4895eddd063bcd8233
• Opcode Fuzzy Hash: d8cc21e54dc6554014df1738c7ee884c1220484e106928ceeab7a7355ebf65ce
• Instruction Fuzzy Hash: 9EF03A3A05A258BADB125F94AC09FCE3B6DAF06311F048100FA11651E2C7755511EBA9
APIs
• GetSysColor.USER32(00000008), ref: 008C98CC
• SetTextColor.GDI32(?,?), ref: 008C98D6
• SetBkMode.GDI32(?,00000001), ref: 008C98E9
• GetStockObject.GDI32(00000005), ref: 008C98F1
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Color$ModeObjectStockText
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 4037423528-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 62292b964ec56e3d2d402c96d6cf972cc9c91c69d44109aa0ee6d2da80326b9c
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 0757f249c6192a1c958c01ae735241cd34524cfbc621475e8fca351a3fbf9e8e
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 62292b964ec56e3d2d402c96d6cf972cc9c91c69d44109aa0ee6d2da80326b9c
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D2E06D7565D280AEEB615B74BC09FE87F21EB1A336F048219F6FA980E1C7715640AB10
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • GetCurrentThread.KERNEL32 ref: 00911634
                                                                                                                                                                                                                                                                                                                                                          • OpenThreadToken.ADVAPI32(00000000,?,?,?,009111D9), ref: 0091163B
                                                                                                                                                                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,009111D9), ref: 00911648
                                                                                                                                                                                                                                                                                                                                                          • OpenProcessToken.ADVAPI32(00000000,?,?,?,009111D9), ref: 0091164F
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: CurrentOpenProcessThreadToken
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3974789173-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 4ff9a8288c03ff807653a31aba2bc4330fd00e22619736f7573058748883e100
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 78e884cb75395bc461d0d6318f4db9fbb0e362b55f73ec677849f0fcc0662c88
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4ff9a8288c03ff807653a31aba2bc4330fd00e22619736f7573058748883e100
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D2E046BA616211AFDBA01FA0AE0DF863BACAF467D2F148808F245D9090E76484809B60
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • GetDesktopWindow.USER32 ref: 0090D858
                                                                                                                                                                                                                                                                                                                                                          • GetDC.USER32(00000000), ref: 0090D862
                                                                                                                                                                                                                                                                                                                                                          • GetDeviceCaps.GDI32(00000000,0000000C), ref: 0090D882
                                                                                                                                                                                                                                                                                                                                                          • ReleaseDC.USER32(?), ref: 0090D8A3
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2889604237-0
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 6da123572b14df2198741461fa905ffb2d469aae3d388a881bebdb09e6135a5b
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 5f598c9ff525fa302dd6b5b5de0e5bdbd46a89114857a0f53cdf72925cc2a478
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6da123572b14df2198741461fa905ffb2d469aae3d388a881bebdb09e6135a5b
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5DE01AB8815209DFCF81AFA4D80CA6DBBB1FB09310F11D459F806E7360CB389941AF40
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • GetDesktopWindow.USER32 ref: 0090D86C
                                                                                                                                                                                                                                                                                                                                                          • GetDC.USER32(00000000), ref: 0090D876
                                                                                                                                                                                                                                                                                                                                                          • GetDeviceCaps.GDI32(00000000,0000000C), ref: 0090D882
                                                                                                                                                                                                                                                                                                                                                          • ReleaseDC.USER32(?), ref: 0090D8A3
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: CapsDesktopDeviceReleaseWindow
• String ID:
• API String ID: 2889604237-0
• Opcode ID: 25bd13eb5e4975479ea95bb6e2774b0b0d0be57c36e642fc72338e8c368a8d8a
• Instruction ID: 30558a34f08be14d2058ebd54c182fa857b68c4d5c5b16d8f4c2ace5555db3a7
• Opcode Fuzzy Hash: 25bd13eb5e4975479ea95bb6e2774b0b0d0be57c36e642fc72338e8c368a8d8a
• Instruction Fuzzy Hash: 06E04FB8C15205DFCF90AFA4D80CA6DBBB1FB08310F119048F806E7360CB385901AF40
APIs
  • Part of subcall function 008B7620: _wcslen.LIBCMT ref: 008B7625
• WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00924ED4
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: Connection_wcslen
• String ID: *$LPT
• API String ID: 1725874428-3443410124
• Opcode ID: 3f472cad2b0d2e7a83859f6e54bc34d2f8540b18a4df64c4482376b5d75454a6
• Instruction ID: 7b7a8e527f02ed559db671625abf73f04e26dbdc4ce4640efe98ab776a5f8d45
• Opcode Fuzzy Hash: 3f472cad2b0d2e7a83859f6e54bc34d2f8540b18a4df64c4482376b5d75454a6
• Instruction Fuzzy Hash: C991AE75A002149FCB14DF58D584EAABBF5FF88304F198099E80A9F3A6C735ED85CB91
APIs
• __startOneArgErrorHandling.LIBCMT ref: 008DE30D
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: ErrorHandling__start
• String ID: pow
• API String ID: 3213639722-2276729525
• Opcode ID: e662934fad0a91b5d9799ff8da064490259cb94401c3640e8dfd4d66ef43933f
• Instruction ID: 1dc224befe895ab76b5351e6e36717a8608b9dc3973c7513dfdad05ee22cec40
• Opcode Fuzzy Hash: e662934fad0a91b5d9799ff8da064490259cb94401c3640e8dfd4d66ef43933f
• Instruction Fuzzy Hash: 5A518061A1C24796DB15771ADD013793BA8FB41B41F304B6AF4D5CA3ECEB308C81AB46
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID:
• String ID: #
• API String ID: 0-1885708031
• Opcode ID: 27adf1c2ad8c3aa76f11027d27dc0820b4f78a69f8c7df9c0c0ba147a23aec90
• Instruction ID: bde212fcbe522877ecb7a7b495feebd8b098a9e1a2e15848e76949a769d2e92c
• Opcode Fuzzy Hash: 27adf1c2ad8c3aa76f11027d27dc0820b4f78a69f8c7df9c0c0ba147a23aec90
• Instruction Fuzzy Hash: 0051FE75A0424A9FDB25DF28C481BFA7BA8FF56310F248459F891DB2D0D634DD42CBA1
APIs
• Sleep.KERNEL32(00000000), ref: 008CF2A2
• GlobalMemoryStatusEx.KERNEL32(?), ref: 008CF2BB
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: GlobalMemorySleepStatus
• String ID: @
• API String ID: 2783356886-2766056989
• Opcode ID: 7658cf4d89e38bf24d33ad79f2f5347ca356975697e80e525c77aedf3b81fd4d
• Instruction ID: b73345ed1247db3df9c7fe4bdfaf9d0761028cb6d200704ece2d61e2114b5912
• Opcode Fuzzy Hash: 7658cf4d89e38bf24d33ad79f2f5347ca356975697e80e525c77aedf3b81fd4d
• Instruction Fuzzy Hash: E151277141CB449BD320AF14DC86BABBBF8FB84300F81885DF2D981295EB719569CB67
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 009357E0
                                                                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 009357EC
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: BuffCharUpper_wcslen
                                                                                                                                                                                                                                                                                                                                                          • String ID: CALLARGARRAY
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 157775604-1150593374
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 41797e6dcf61f83c7ef1c2dd500ae93a6c22e5f811615195e3035f6b6fdf3cee
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 44b656d26df701a0fa25cf54225fe774ab49d635a15915c88ef849d1d10c6443
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 41797e6dcf61f83c7ef1c2dd500ae93a6c22e5f811615195e3035f6b6fdf3cee
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 85417E71A002099FCB14DFA9C8829AEBBB9FF59314F114069E505A7262E7349D81CF90
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0092D130
                                                                                                                                                                                                                                                                                                                                                          • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 0092D13A
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: CrackInternet_wcslen
                                                                                                                                                                                                                                                                                                                                                          • String ID: |
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 596671847-2343686810
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 57f2c7f4f26a4299deb6403fa9468c8d65ebcd5819455c920691384b5d123c0f
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: a125f43b443204a811cb1ef1b7cecc209420937e4cd1ad9fb13bb54cdf43c80e
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 57f2c7f4f26a4299deb6403fa9468c8d65ebcd5819455c920691384b5d123c0f
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A7312C71D01219EBCF15EFA4DC85AEEBFB9FF05300F100019F815A62A6E735AA16DB51
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • DestroyWindow.USER32(?,?,?,?), ref: 00943621
                                                                                                                                                                                                                                                                                                                                                          • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 0094365C
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Window$DestroyMove
                                                                                                                                                                                                                                                                                                                                                          • String ID: static
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2139405536-2160076837
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 9b27a2bad93c01e2dad79a452695456999e444a5bb5210cc70db8aad9f16c347
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: b8a3422ba2a0ad59ea2bc7f7fe8b4489c498bb26d04aca53dece5903f64c4778
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9b27a2bad93c01e2dad79a452695456999e444a5bb5210cc70db8aad9f16c347
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 32318871110605AEDB209F38DC81EFB73ADFF88724F018619F8A9D7290DA34AD91DB60
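The blocks above are the per-function metadata Joe Sandbox emits for every function it disassembled: the resolved call sites with their module and virtual address, the memory dump the code was lifted from, and the similarity identifiers (API ID, String ID, Opcode/Instruction fuzzy hashes). The Python below is an added example, not part of this report or of Joe Sandbox's tooling. It parses such blocks into records so an analyst can list a function's calls in static order by call-site address, pull out every function that touches a module such as WININET, and build an Instruction Fuzzy Hash index for pivoting across samples or runs. The sample text is two blocks copied from this section (leading whitespace stripped, most Associated dump lines dropped); the field names it keys on are the ones shown above, and the assumption that every function block starts at an "APIs" line is mine.

```python
"""Parse Joe Sandbox per-function 'APIs / Similarity' blocks into analyst records (added example)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample: two function blocks copied from the report section above.
SAMPLE = """\
APIs
• CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 009357E0
• _wcslen.LIBCMT ref: 009357EC
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: BuffCharUpper_wcslen
• String ID: CALLARGARRAY
• API String ID: 157775604-1150593374
• Opcode ID: 41797e6dcf61f83c7ef1c2dd500ae93a6c22e5f811615195e3035f6b6fdf3cee
• Instruction ID: 44b656d26df701a0fa25cf54225fe774ab49d635a15915c88ef849d1d10c6443
• Opcode Fuzzy Hash: 41797e6dcf61f83c7ef1c2dd500ae93a6c22e5f811615195e3035f6b6fdf3cee
• Instruction Fuzzy Hash: 85417E71A002099FCB14DFA9C8829AEBBB9FF59314F114069E505A7262E7349D81CF90
APIs
• _wcslen.LIBCMT ref: 0092D130
• InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 0092D13A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: CrackInternet_wcslen
• String ID: |
• API String ID: 596671847-2343686810
• Opcode ID: 57f2c7f4f26a4299deb6403fa9468c8d65ebcd5819455c920691384b5d123c0f
• Instruction ID: a125f43b443204a811cb1ef1b7cecc209420937e4cd1ad9fb13bb54cdf43c80e
• Opcode Fuzzy Hash: 57f2c7f4f26a4299deb6403fa9468c8d65ebcd5819455c920691384b5d123c0f
• Instruction Fuzzy Hash: A7312C71D01219EBCF15EFA4DC85AEEBFB9FF05300F100019F815A62A6E735AA16DB51
"""

# "• Name.MODULE(args), ref: VA" or "• Name.MODULE ref: VA" (CRT calls carry no argument list).
API_RE = re.compile(
    r"^• (?P<name>[\w@$?]+)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$"
)
# "• Key: value" lines under Memory Dump Source / IDA Plugin / Similarity.
KV_RE = re.compile(r"^• (?P<key>[A-Za-z ]+?): (?P<value>.*)$")
# Only these keys describe the function itself; dump and snapshot paths are skipped.
KEEP_KEYS = {"API ID", "String ID", "API String ID", "Opcode ID",
             "Instruction ID", "Opcode Fuzzy Hash", "Instruction Fuzzy Hash"}


@dataclass
class FunctionRecord:
    # (api name, module, raw argument text as the sandbox printed it, call-site VA hex)
    apis: List[Tuple[str, str, str, str]] = field(default_factory=list)
    meta: Dict[str, str] = field(default_factory=dict)


def parse_report_functions(text: str) -> List[FunctionRecord]:
    """Start a new record at each 'APIs' header (assumption) and collect its call sites and IDs."""
    records: List[FunctionRecord] = []
    current: Optional[FunctionRecord] = None
    for raw in text.splitlines():
        line = raw.strip()  # the rendered report indents every line heavily
        if line == "APIs":
            current = FunctionRecord()
            records.append(current)
            continue
        if current is None:
            continue  # text before the first function block
        m = API_RE.match(line)
        if m:
            current.apis.append((m["name"], m["module"], m["args"] or "", m["ref"].upper()))
            continue
        m = KV_RE.match(line)
        if m and m["key"] in KEEP_KEYS:
            current.meta[m["key"]] = m["value"]
    return records


def api_sequence(rec: FunctionRecord) -> List[str]:
    """API names ordered by call-site address: the static call order inside the function."""
    return [name for name, _, _, ref in sorted(rec.apis, key=lambda a: int(a[3], 16))]


def functions_importing(records: List[FunctionRecord], module: str) -> List[FunctionRecord]:
    """Functions that call at least one API from the given module (e.g. WININET)."""
    return [r for r in records if any(m.upper() == module.upper() for _, m, _, _ in r.apis)]


def fuzzy_hash_index(records: List[FunctionRecord]) -> Dict[str, str]:
    """Instruction Fuzzy Hash -> API ID, the key to pivot on across samples or analysis runs."""
    return {r.meta["Instruction Fuzzy Hash"]: r.meta.get("API ID", "")
            for r in records if "Instruction Fuzzy Hash" in r.meta}


if __name__ == "__main__":
    for r in parse_report_functions(SAMPLE):
        print(r.meta.get("API ID"), api_sequence(r), repr(r.meta.get("String ID")))
```

The argument text is kept verbatim rather than interpreted: a "?" means the sandbox could not resolve that argument statically, and the numeric values it does print (the 00000003 passed to CharUpperBuffW, the 0000007C passed to InternetCrackUrlW) are only meaningful once you have checked the call site in the dump yourself.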
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000027,00001132,00000000,?), ref: 0094461F
                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00944634
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: MessageSend
• String ID: '
• API String ID: 3850602802-1997036262
APIs
• SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0094327C
• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00943287
Similarity
• API ID: MessageSend
• String ID: Combobox
• API String ID: 3850602802-2096851135
Similarity
• API ID: _wcslen
• String ID: 0S$HANDLE
• API String ID: 176396367-2033158907
APIs
  • Part of subcall function 008B600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 008B604C
  • Part of subcall function 008B600E: GetStockObject.GDI32(00000011), ref: 008B6060
  • Part of subcall function 008B600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 008B606A
• GetWindowRect.USER32(00000000,?), ref: 0094377A
• GetSysColor.USER32(00000012), ref: 00943794
Similarity
• API ID: Window$ColorCreateMessageObjectRectSendStock
• String ID: static
• API String ID: 1983116058-2160076837
APIs
• InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 0092CD7D
• InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 0092CDA6
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Internet$OpenOption
                                                                                                                                                                                                                                                                                                                                                          • String ID: <local>
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 942729171-4266983199
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: a45556829f2d24179012a71db143a226d64cc6291fb9ebc6b767b2eb0d71fb24
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 5c18b2ce36783ed75d2caf533a4ed9c2296f2ca74e55f882e33031a8adfeae48
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a45556829f2d24179012a71db143a226d64cc6291fb9ebc6b767b2eb0d71fb24
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A011C6F52156317AD7344B669C45EEBBEACEF127A4F004626B109930C4D7749845D6F0
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • GetWindowTextLengthW.USER32(00000000), ref: 009434AB
                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 009434BA
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: LengthMessageSendTextWindow
                                                                                                                                                                                                                                                                                                                                                          • String ID: edit
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2978978980-2167791130
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 6530c000b645d23b6d982b8d3d41d0d51f86c3ca89c0949f6720d9b037452f55
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 645c4dbd9659445ad910a43337bc5fd57bae3c7e831b9e7c5a4969e6a29e9f9e
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6530c000b645d23b6d982b8d3d41d0d51f86c3ca89c0949f6720d9b037452f55
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 60119A71210208AEEB228E74DC80EEB376EEB15378F508724F960931E0C735DC91AB60
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008B9CB3: _wcslen.LIBCMT ref: 008B9CBD
                                                                                                                                                                                                                                                                                                                                                          • CharUpperBuffW.USER32(?,?,?), ref: 00916CB6
                                                                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00916CC2
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                                                                                                                          • String ID: STOP
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1256254125-2411985666
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 2324af64eced18bac5e6b9a00ad8a492a9e9609e762cb6ba56c86ef4346366b2
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 22839c4b909008aaae1dbebc8df4ad3c2fbccad462d9ba8194f6f0adacbb7b39
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2324af64eced18bac5e6b9a00ad8a492a9e9609e762cb6ba56c86ef4346366b2
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DE01C432F1052A8BCB209FBDDC909FF77A9FB61710B510924E992D6291EB31D980C690
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008B9CB3: _wcslen.LIBCMT ref: 008B9CBD
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00913CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00913CCA
                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00911D4C
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 624084870-1403004172
• Opcode ID: 4d2d044c14ed4aee06e7235000bc1b83788cf0ca71de4e60b53e8cfec00196f4
• Instruction ID: d6863b8d2c11739333461b575f84084aea32be65f14bb1eec69d0afe780b75ff
• Opcode Fuzzy Hash: 4d2d044c14ed4aee06e7235000bc1b83788cf0ca71de4e60b53e8cfec00196f4
• Instruction Fuzzy Hash: 4F01D47970121CBB8B08EBA4DC51DFE77B8FB46350B144A19F9A6A73C1EA305948C661
APIs
  • Part of subcall function 008B9CB3: _wcslen.LIBCMT ref: 008B9CBD
  • Part of subcall function 00913CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00913CCA
• SendMessageW.USER32(?,00000180,00000000,?), ref: 00911C46
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 624084870-1403004172
• Opcode ID: 5531a408767dab3dc1c6e2ab1f981782ce750bda005529c6bcd50d84565462bb
• Instruction ID: 8d962a3d162cf463e9cd90e4110a0eda4bb95fb6ca37a8e0133be1fff698d25f
• Opcode Fuzzy Hash: 5531a408767dab3dc1c6e2ab1f981782ce750bda005529c6bcd50d84565462bb
• Instruction Fuzzy Hash: 4D01A77578110C7BCB04EB94C952EFF77ACEB51340F140019EA86A7282EA649F48C6F2
APIs
  • Part of subcall function 008B9CB3: _wcslen.LIBCMT ref: 008B9CBD
  • Part of subcall function 00913CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00913CCA
• SendMessageW.USER32(?,00000182,?,00000000), ref: 00911CC8
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 624084870-1403004172
• Opcode ID: 2d760634e9fc3f031e4b83667501078824a93586a6864e794028651fb2f37a9e
• Instruction ID: b5ce037754ab4afb2efdd3b35d6e465df3dd1b688b1abca725475b7fa18a13c0
• Opcode Fuzzy Hash: 2d760634e9fc3f031e4b83667501078824a93586a6864e794028651fb2f37a9e
• Instruction Fuzzy Hash: 6C01D6B578111C77CF04EBA4CA51EFF77ACAB12340F140015BA86B3282EA609F48C6F2
APIs
  • Part of subcall function 008B9CB3: _wcslen.LIBCMT ref: 008B9CBD
  • Part of subcall function 00913CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00913CCA
• SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00911DD3
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 624084870-1403004172
• Opcode ID: 8c85ff45dbe6e8383d32d20bcb6a35caa480fc345913603efce08710ee6d42ef
• Instruction ID: 909057f78908ca61c98a0b23df90e5cdb2aa56f429a3f0681b92695aeb8a5f70
• Opcode Fuzzy Hash: 8c85ff45dbe6e8383d32d20bcb6a35caa480fc345913603efce08710ee6d42ef
• Instruction Fuzzy Hash: B1F0A475B5121C77DB04E7A8DC92FFE777CFB42350F140919FA66A32C2EA605A4882A1
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: _wcslen
                                                                                                                                                                                                                                                                                                                                                          • String ID: 3, 3, 16, 1
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 176396367-3042988571
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 310e3d9a5a8508f124ff817e9d06be1885151478949a45daa1a6ff16a782b811
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: f304157643e549b287371c15103838f8d24fe3fff769ff216a3ab93dcbf21d04
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 310e3d9a5a8508f124ff817e9d06be1885151478949a45daa1a6ff16a782b811
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DAE0EC4620431021523112AA9CC557F9B8EDEC9750F10141BF585C1376E6949D9153A1
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00910B23
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Message
                                                                                                                                                                                                                                                                                                                                                          • String ID: AutoIt$Error allocating memory.
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2030045667-4017498283
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: dc804d2120965b219922b10e98bae83b984468280a283c94b1f0f97e8ce109f8
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 8fa1753aaf5f4536b86f704b789a9f3ac178e33291784f4ab436f59be178e9fd
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dc804d2120965b219922b10e98bae83b984468280a283c94b1f0f97e8ce109f8
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 24E0D8722893183BD25437987C03FC97B88EF05B65F10442AF798D55C38AE2649006EA
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008CF7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,008D0D71,?,?,?,008B100A), ref: 008CF7CE
                                                                                                                                                                                                                                                                                                                                                          • IsDebuggerPresent.KERNEL32(?,?,?,008B100A), ref: 008D0D75
                                                                                                                                                                                                                                                                                                                                                          • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,008B100A), ref: 008D0D84
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 008D0D7F
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
                                                                                                                                                                                                                                                                                                                                                          • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 55579361-631824599
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 616b4d9ad7d10377448d8259cab206bf0aa5c93160bf5f5827d4d841d9a51922
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 3a0d4153d522b5a4f6c845862e544cfcd54e08ee85773bf4b83dbcd3b7a37028
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 616b4d9ad7d10377448d8259cab206bf0aa5c93160bf5f5827d4d841d9a51922
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3DE039B42007428BD7709FA8E404B427BE5FB04745F004A2EE492C6752DBF0E4489FA1
                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                          • GetTempPathW.KERNEL32(00000104,?,00000001), ref: 0092302F
                                                                                                                                                                                                                                                                                                                                                          • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00923044
                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                          • API ID: Temp$FileNamePath
                                                                                                                                                                                                                                                                                                                                                          • String ID: aut
                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3285503233-3010740371
                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 81eab27920e72045c57df5796baadb2029bc7094ac3d31a18cc51b68c8ae4e7c
                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: d09bfee26607e087943e5ff09001c61ce35dffc6d155bfe5632127670afe171d
                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 81eab27920e72045c57df5796baadb2029bc7094ac3d31a18cc51b68c8ae4e7c
                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FED05EB65013287BDA70A7A4AC0EFCB3A6CDB05754F4002A1B665E2095DAF0D984CAD4
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0094232C
• PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 0094233F
  • Part of subcall function 0091E97B: Sleep.KERNEL32 ref: 0091E9F3
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
• API String ID: 529655941-2988720461
• Opcode ID: 6ea4abb68cadd6f8e0be9d5d54a410a15204f436f8546ff78070d1316422eec0
• Instruction ID: 7afe25ad02ca0dd30df4cbe2831e18478c46ebc431d76533f8879b5cc5502716
• Opcode Fuzzy Hash: 6ea4abb68cadd6f8e0be9d5d54a410a15204f436f8546ff78070d1316422eec0
• Instruction Fuzzy Hash: 48D022BA3A9300BBE3A8B330DC0FFCA7A149B40B00F008906770AAA0D0C8F0A800CA04
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0094236C
• PostMessageW.USER32(00000000), ref: 00942373
  • Part of subcall function 0091E97B: Sleep.KERNEL32 ref: 0091E9F3
Strings
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
• API String ID: 529655941-2988720461
• Opcode ID: 8d86b6bbf2cb0db273e60c632da6e0a186d89bae55d926791b40037f14f7f143
• Instruction ID: 7216118e87bf798bc875463f96441f6fdaa4b02c5c92c1b340d2ee5a0877877c
• Opcode Fuzzy Hash: 8d86b6bbf2cb0db273e60c632da6e0a186d89bae55d926791b40037f14f7f143
• Instruction Fuzzy Hash: 5AD0A9B639A3007AE2A8A3309C0FFCA66149B41B00F0089067706AA0D0C8A0A8008A08
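The two function blocks above share one API String ID (529655941-2988720461) and the same chain: FindWindowW on the taskbar window class Shell_TrayWnd, then PostMessageW to the handle it returns. In the first block the message is recovered as 0x111, which is WM_COMMAND, with wParam 0x197 (407); in the second only the handle argument was recovered. The script below is an added example, not Joe Sandbox code: it parses the report's text blocks into API-call records, decodes the PostMessageW message, flags the Shell_TrayWnd pattern as a hunting indicator, and groups functions by API String ID the way the report's Similarity section does. The input is a constructed excerpt reproducing the page's own lines, and the names given to tray command ids (407, 416, 419) are this example's assumption, since Microsoft does not document them.

```python
"""Parse Joe Sandbox 'Similarity' function blocks and flag the
FindWindowW("Shell_TrayWnd") -> PostMessageW chain.
Added example, not Joe Sandbox code; SAMPLE_REPORT is a constructed
excerpt reproducing lines from the report on this page."""
import re
from dataclasses import dataclass, field

SAMPLE_REPORT = """\
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0094232C
• PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 0094233F
  • Part of subcall function 0091E97B: Sleep.KERNEL32 ref: 0091E9F3
Strings
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
• API String ID: 529655941-2988720461
• Opcode ID: 6ea4abb68cadd6f8e0be9d5d54a410a15204f436f8546ff78070d1316422eec0
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0094236C
• PostMessageW.USER32(00000000), ref: 00942373
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
• API String ID: 529655941-2988720461
• Opcode ID: 8d86b6bbf2cb0db273e60c632da6e0a186d89bae55d926791b40037f14f7f143
APIs
• MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?), ref: 008EBE93
• GetLastError.KERNEL32 ref: 008EBEA1
Similarity
• API ID: ByteCharMultiWide$ErrorLast
• String ID:
• API String ID: 1717984340-0
• Opcode ID: 8033b6e7d509b2d19c7e3cde44b99920421dcaf75006e6d474af716966a7433a
"""

SECTIONS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}
# Name.Module(args), ref: addr   -- args and the comma are optional (GetLastError has neither)
API_RE = re.compile(r"(\w+)\.(\w+)(?:\(([^)]*)\))?,?\s*ref:\s*([0-9A-Fa-f]+)")
WM_NAMES = {0x0010: "WM_CLOSE", 0x0111: "WM_COMMAND", 0x0112: "WM_SYSCOMMAND"}
# Shell_TrayWnd WM_COMMAND ids as commonly seen in AutoIt/WinAPI code; the
# names are this example's assumption (Microsoft does not document them).
TRAY_CMD_NAMES = {407: "TOGGLE_DESKTOP", 416: "MIN_ALL_UNDO", 419: "MIN_ALL"}


@dataclass
class ApiCall:
    name: str
    module: str
    args: list      # int for 8-hex-digit literals, str for strings, None for '?'
    ref: int
    subcall: bool   # True for "Part of subcall function" lines


@dataclass
class FunctionBlock:
    calls: list = field(default_factory=list)
    similarity: dict = field(default_factory=dict)


def parse_arg(tok):
    tok = tok.strip()
    if tok == "?":
        return None
    if re.fullmatch(r"[0-9A-Fa-f]{8}", tok):
        return int(tok, 16)
    return tok


def parse_blocks(text):
    """Split the report text into FunctionBlocks; each 'APIs' header starts one."""
    blocks, section, cur = [], None, None
    for line in text.splitlines():
        s = line.strip()
        if s in SECTIONS:
            section = s
            if s == "APIs":
                cur = FunctionBlock()
                blocks.append(cur)
            continue
        if cur is None or not s.startswith("•"):
            continue
        body = s.lstrip("• ").strip()
        if section == "APIs":
            m = API_RE.search(body)
            if m:
                args = [parse_arg(a) for a in m.group(3).split(",")] if m.group(3) else []
                cur.calls.append(ApiCall(m.group(1), m.group(2), args, int(m.group(4), 16),
                                         body.startswith("Part of subcall")))
        elif section == "Similarity":
            key, _, val = body.partition(":")
            cur.similarity[key.strip()] = val.strip()
    return blocks


def decode_post_message(call):
    """Name the PostMessageW message and, for WM_COMMAND, the tray command id."""
    msg = call.args[1] if len(call.args) > 1 else None
    wparam = call.args[2] if len(call.args) > 2 else None
    if msg is None:
        return "message not recovered"
    label = WM_NAMES.get(msg, f"0x{msg:04X}")
    if msg == 0x0111 and wparam is not None:
        label += f" wParam={wparam} ({TRAY_CMD_NAMES.get(wparam, 'unknown id')})"
    return label


def flag_tray_manipulation(block):
    """Finding string if FindWindowW('Shell_TrayWnd') is followed by PostMessageW
    in the function's direct (non-subcall) chain, else None."""
    found_tray = False
    for c in block.calls:
        if c.subcall:
            continue
        if c.name == "FindWindowW" and c.args[:1] == ["Shell_TrayWnd"]:
            found_tray = True
        elif found_tray and c.name == "PostMessageW":
            return f"Shell_TrayWnd PostMessageW at {c.ref:08X}: {decode_post_message(c)}"
    return None


def cluster_by_api_string_id(blocks):
    """Group Opcode IDs by API String ID, i.e. functions the report calls similar."""
    groups = {}
    for b in blocks:
        groups.setdefault(b.similarity.get("API String ID"), []).append(b.similarity.get("Opcode ID"))
    return groups


if __name__ == "__main__":
    parsed = parse_blocks(SAMPLE_REPORT)
    for b in parsed:
        print(b.similarity.get("Opcode ID", "")[:16], flag_tray_manipulation(b) or "no tray finding")
    print(cluster_by_api_string_id(parsed))
```

The second block only yields "message not recovered" because the report captured a single argument for that PostMessageW; treat it as the same indicator at lower confidence rather than discarding it, since its API String ID matches the fully-recovered function.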
APIs
• MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 008EBE93
• GetLastError.KERNEL32 ref: 008EBEA1
• MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 008EBEFC
Memory Dump Source
• Source File: 00000000.00000002.1397108680.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1397016288.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.000000000094C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397313332.0000000000972000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397465622.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1397560387.0000000000984000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_nmy4mJXEaz.jbxd
Similarity
• API ID: ByteCharMultiWide$ErrorLast
• String ID:
• API String ID: 1717984340-0
• Opcode ID: 8033b6e7d509b2d19c7e3cde44b99920421dcaf75006e6d474af716966a7433a
• Instruction ID: 0d8cbdf04ef32b826880ba2ee9053183c333b4b7fa37cc0318ea8ca98e68425b
• Opcode Fuzzy Hash: 8033b6e7d509b2d19c7e3cde44b99920421dcaf75006e6d474af716966a7433a
• Instruction Fuzzy Hash: E041B634605286AFCB218FA6CC54AAB7BA5FF43310F144269F959E72A1DF309D01DB61